Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Line 239 registry formatting #179

Open
wants to merge 210 commits into
base: master
Choose a base branch
from
Open

Line 239 registry formatting #179

wants to merge 210 commits into from

Conversation

kevinelwell
Copy link

Created issue 48

Change line 239 from:
<TargetObject condition="is">\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft Print to PDF\PrinterDriverData</TargetObject>

to:
<TargetObject condition="is">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft Print to PDF\PrinterDriverData</TargetObject>

Neo23x0 and others added 30 commits July 24, 2021 08:22
@Neo23x0
squashed pull requests from original repo
88e3a0b 
This was necessary to allow us to 1. merge all open pull request of the original repo AND 2. allow our new repository to receive new pull requests
@Neo23x0
HiveNightmare detection
bdc3fd2
@Neo23x0
docs: give credits to the contributors of the squashed pull requests
ca2ccea
@Neo23x0
docs: better line breaks in credits
fe70b87
@Neo23x0
PrinterNightmare coverage
23af2b4
@Neo23x0
feat: more PrinterNightmare coverage
f893c68
@Neo23x0
docs: info on extended coverage
510e4ed
@Neo23x0
fix: accidental removal of section
ca54b56
@Neo23x0
filter: OneDrive
876166b
@Neo23x0
SeriousSAM CS Pattern
4aa2ad4
@humpalum
First CI workflow draft
fd602c9 
Added a workflow that installs sysmon with the config and fails when sysmon has an error
@humpalum
fix: renamed main to master
7b98675
@humpalum
chore: Added Eventcount Check Job
fdb5396
@humpalum
chore: Added a simulated busy system
97b006c 
Also changed the numbers to allow up to about 5% of more events
@humpalum
chore: Fixed Branchnames
3530138
@humpalum
chore: Limiting Eventcount to Sysmon Events
df4e131
@Neo23x0
docs: add maintainers
94d37c3
@Neo23x0
Merge branch 'master' of https://github.com/Neo23x0/sysmon-config
17836fd
@phantinuss
ProcessAccess using CobaltStrike BOF NtOpenProcess
77d3adb
@phantinuss
lsass process access with relevant access rights
0c24d1d
@phantinuss
fix: use tab instead of space characters for indentation
def0883
@phantinuss
Merge pull request #2 from phantinuss/master
cd90b87 
Process Access Config für lsass.exe and CobaltStrike BOF
@Neo23x0
docs: update README
a253184
@Neo23x0
chore: full fledged sysmon config
5370dcf
@Neo23x0
Merge branch 'master' of https://github.com/Neo23x0/sysmon-config
337be95
@Neo23x0
chore: ignore .vscode
df67cdc
@Neo23x0
new CobaltStrike NamedPipe patterns
2618b37
@Neo23x0
Merge pull request #3 from Neo23x0/config-devel
454b72e 
New CobaltStrike NamedPipes
@DustyMMiller
Add Splunk exclusions per sysmon-modular
743a054
Merge remote-tracking branch 'DustyMMiller/master' into SwiftOnSecuri…
9dcf3b2 
…ty-PRs
nasbench and others added 30 commits February 10, 2023 00:05
@nasbench
feat: add onenote app to blocklist
9e25076
@phantinuss
Merge pull request #44 from nasbench/add-onenote-blocklist
86eb8c9 
feat: add onenote app to blocklist
@nasbench
Fixes #48
ae41115
@nasbench
Fixes #49
1276443
@nasbench
Fixes #43
0dc42ba
@nasbench
Fixes #50
9718f92
@nasbench
feat: update sysmon config
d6c7c57
@nasbench
feat: remove driver filters
b766604
@nasbench @phantinuss
fix: apply suggestions from code review
94a324a 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
@Neo23x0
new hacktool blocks
0ee029a
@Neo23x0
Merge pull request #51 from nasbench/resolve-issues
bb5c8a6 
feat: add new entries and resolve multiple issues
@Neo23x0
Update sysmonconfig-export-block.xml
65e6fff
@Neo23x0
Merge branch 'master' of https://github.com/Neo23x0/sysmon-config
6e36404
@cospirho
Remove duplicates sysmonconfig-export
46fd40f
@cospirho
Remove duplicates sysmonconfig-export-block
cea856d
@nasbench
Merge pull request #53 from cospirho/master
766b2a7 
feat: remove duplicate rules
@Neo23x0
new FileExecutableDetected Block
43f8ebf
@Neo23x0
Merge branch 'master' of https://github.com/Neo23x0/sysmon-config
8569801
@Neo23x0
loldrivers rules
87be34c
@Neo23x0
Update sysmonconfig-export.xml
f10d77f
@Neo23x0
fix: increase allowance for trace runs
bc734a5
@Neo23x0
feat: blocked config
21205e9
@Neo23x0
fix: schema version
65bc443
@Neo23x0
Merge pull request #56 from Neo23x0/loldrivers-extension
277c594 
loldrivers rules
@nasbench
Update sysmonconfig-export.xml
b2b5554
@nasbench
Update sysmonconfig-export-block.xml
8b8c419
@nasbench
Merge pull request #57 from nasbench/master
fa614fd 
feat: add vmware conf path
@Neo23x0
add: EDRSandblast
65c78ba 
adding EDRSandblast itself (not just the drivers used by it)
@Neo23x0
EDRSilencer hashes
2dc8575
@Neo23x0
add: EventLogCrasher
f944c05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet