references_s.md

Sigma rule references as PDF

spring_application_exceptions

Title : Spring Framework Exceptions

Rule id : ae48ab93-45f7-4051-9dfe-5d30a3f78e33

| Url | Pdf |
|---|---|
| https://docs.spring.io/spring-security/site/docs/current/api/overview-tree.html | pdf/86f8f5836a4aac7e18a6e40de7b16362e97034ccb03d2a4c5d49c8d1b48e4ac1.pdf |

spring_spel_injection

Title : Potential SpEL Injection In Spring Framework

Rule id : e9edd087-89d8-48c9-b0b4-5b9bb10896b8

| Url | Pdf |
|---|---|
| https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection | pdf/baff22020e054c615881408a6dcb6c6b0b911d86f6cafa232beed02e6defd575.pdf |
| https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs | pdf/808d75891fee4d12a3b71d60f602f18c167d9a65052e162a72ada9446decc1f6.pdf |

sysmon_config_modification

Title : Sysmon Configuration Change

Rule id : 8ac03a65-6c84-4116-acad-dc1558ff7a77

| Url | Pdf |
|---|---|
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon | pdf/b85c6875a5a8f31663cf1ba2d3c6d55671f3636ac758436d0fbb3583cdb36b84.pdf |

sysmon_config_modification_error

Title : Sysmon Configuration Error

Rule id : 815cd91b-7dbc-4247-841a-d7dd1392b0a8

| Url | Pdf |
|---|---|
| https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1562.001/T1562.001.md | pdf/b1b62148b4f91208376ba1259148c5e9033b4f877492b8573631860c295d2b41.pdf |
| https://talesfrominfosec.blogspot.com/2017/12/killing-sysmon-silently.html | pdf/c68aec05b525c49e28fb957281afcb8dcdfbf760bf54ff14b3ed5228a805ccc4.pdf |

sysmon_config_modification_status

Title : Sysmon Configuration Modification

Rule id : 1f2b5353-573f-4880-8e33-7d04dcf97744

| Url | Pdf |
|---|---|
| https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1562.001/T1562.001.md | pdf/b1b62148b4f91208376ba1259148c5e9033b4f877492b8573631860c295d2b41.pdf |
| https://talesfrominfosec.blogspot.com/2017/12/killing-sysmon-silently.html | pdf/c68aec05b525c49e28fb957281afcb8dcdfbf760bf54ff14b3ed5228a805ccc4.pdf |

sysmon_file_block_executable

Title : Sysmon Blocked Executable

Rule id : 23b71bc5-953e-4971-be4c-c896cda73fc2

| Url | Pdf |
|---|---|
| https://medium.com/@olafhartong/sysmon-14-0-fileblockexecutable-13d7ba3dff3e | pdf/eebff45ab370c8840a7603ceb61cbfb3c9693b8c505c7e6b1b2bf4bf6f5ebc44.pdf |

sysmon_file_block_shredding

Title : Sysmon Blocked File Shredding

Rule id : c3e5c1b1-45e9-4632-b242-27939c170239

| Url | Pdf |
|---|---|
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon | pdf/b85c6875a5a8f31663cf1ba2d3c6d55671f3636ac758436d0fbb3583cdb36b84.pdf |

sysmon_file_executable_detected

Title : Sysmon File Executable Creation Detected

Rule id : 693a44e9-7f26-4cb6-b787-214867672d3a

| Url | Pdf |
|---|---|
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon | pdf/b85c6875a5a8f31663cf1ba2d3c6d55671f3636ac758436d0fbb3583cdb36b84.pdf |
| https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36 | pdf/40212d4a64ba3cd0008a10370ca1693590d131f319eb129f563dbe8ddc423c84.pdf |

sysmon_wmi_event_subscription

Title : WMI Event Subscription

Rule id : 0f06a3a5-6a09-413f-8743-e6cf35561297

| Url | Pdf |
|---|---|
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#event-id-19-wmievent-wmieventfilter-activity-detected | pdf/6b046b8b025297ef840801230685cafed615d358fa7cea9aa06e06e137ead2ae.pdf |
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#event-id-20-wmievent-wmieventconsumer-activity-detected | pdf/ab11360eb43bd3a46c229bde946beeb872d7ee2e403f4ad2a8a17e1ecdcfdc5b.pdf |
| https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#event-id-21-wmievent-wmieventconsumertofilter-activity-detected | pdf/19a7c0d2ca385b1a8ef8c1f98e60535d27eef3663f44adffb3946d5c08cecc19.pdf |

sysmon_wmi_susp_encoded_scripts

Title : Suspicious Encoded Scripts in a WMI Consumer

Rule id : 83844185-1c5b-45bc-bcf3-b5bf3084ca5b

| Url | Pdf |
|---|---|
| https://github.com/RiccardoAncarani/LiquidSnake | pdf/78ca0bb1f63f8be4eba4ca9ed3a004c40963b8f7055640f0b938c7ab85c57fa0.pdf |

sysmon_wmi_susp_scripting

Title : Suspicious Scripting in a WMI Consumer

Rule id : fe21810c-2a8c-478f-8dd3-5a287fb2a0e0

| Url | Pdf |
|---|---|
| https://in.security/an-intro-into-abusing-and-identifying-wmi-event-subscriptions-for-persistence/ | pdf/befcae819427208496a2de7e4386c29efb9a92df0ce80d5a5a8a448367d834fd.pdf |
| https://github.com/Neo23x0/signature-base/blob/615bf1f6bac3c1bdc417025c40c073e6c2771a76/yara/gen_susp_lnk_files.yar#L19 | pdf/26393a22447016594bc83bc5ccfbcf588499741d52b7c0ce89dceba3c565dbb4.pdf |
| https://github.com/RiccardoAncarani/LiquidSnake | pdf/78ca0bb1f63f8be4eba4ca9ed3a004c40963b8f7055640f0b938c7ab85c57fa0.pdf |