Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-08 09:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • 6a228d23ee update to reflect replacement by sentinelone-queries master keyboardcrunch 2021-01-11 13:40:30 -06:00
  • 9310ec5c67 T1003.003 NTDS Copy @ 2020-10-23 17:45:53 -05:00
  • 227c78fdad retitle @ 2020-10-23 17:20:25 -05:00
  • cf93ffd1f5 T1003.001 LSASS Memory Dumping @ 2020-10-23 17:20:09 -05:00
  • 24fe744d20 T1003.004 LSA Secrets @ 2020-10-23 16:48:15 -05:00
  • ccedb27d75 rename @ 2020-10-23 16:43:01 -05:00
  • 62d43adb96 T1056.001 Keylogging @ 2020-10-23 16:38:38 -05:00
  • d5c67eb507 revert format change @ 2020-10-23 15:50:53 -05:00
  • c7deea4971 formatting update @ 2020-10-23 15:50:16 -05:00
  • 9f3198ba03 T1552.006 Group Policy Preferences @ 2020-10-23 15:49:37 -05:00
  • c976d3a053 T1056.002 GUI Input Capture @ 2020-10-23 15:24:56 -05:00
  • 0dca759370 Renamed T1552.002 @ 2020-10-23 15:14:34 -05:00
  • 1ee7efa88a T1552.002 Credentials in Registry @ 2020-10-23 15:13:38 -05:00
  • 619c7d57fc T1555.003 Modified AccessChk @ 2020-10-23 15:05:20 -05:00
  • f30d6d6bff T1056.004 Cred API Hooking @ 2020-10-23 14:15:32 -05:00
  • 69e0d5a835 T1552.001 LaZagne and findstr @ 2020-10-23 14:04:26 -05:00
  • de7146f4c4 Moving Exfil to completed @ 2020-09-27 12:22:26 -05:00
  • b531c3e775 Putting wrap on Exfil queries for now @ 2020-09-27 12:22:16 -05:00
  • cef2936e2d Moving Impact to completed @ 2020-09-27 12:11:18 -05:00
  • c62672e0c3 Added T1489 @ 2020-09-27 12:11:07 -05:00
  • ee7bfc3817 Removed T1529 system reboot/shutdown @ 2020-09-27 12:03:12 -05:00
  • d5ca86bf47 Added T1490 @ 2020-09-27 12:02:04 -05:00
  • 40b378a6e3 updated T1485 @ 2020-09-27 11:52:51 -05:00
  • 9340e2a284 T1485 Data Destruction @ 2020-09-27 11:47:04 -05:00
  • f8b8d88392 T1531 added @ 2020-09-27 11:27:02 -05:00
  • 9da3392c99 restructure of directory contents @ 2020-09-27 11:14:21 -05:00
  • 54bfe573f7 finished lateral movement @ 2020-09-27 11:07:57 -05:00
  • 1de20cecc6 more ttps @ 2020-09-27 11:07:13 -05:00
  • 5e824edf8b T1550 PtH and PtT @ 2020-09-27 10:00:25 -05:00
  • 23e97ac3c4 T1021.001 Scripted Lateral RDP @ 2020-09-27 09:52:42 -05:00
  • 7e96efb030 T1563.002 RDP Hijack @ 2020-09-27 09:32:55 -05:00
  • 177dbb3f73 update T1548.002 @ 2020-09-22 17:37:07 -05:00
  • 81a9afd8a2 reformat @ 2020-09-22 16:15:18 -05:00
  • 14553d505f reformat @ 2020-09-22 16:14:33 -05:00
  • f43c63475d added CMSTPLUA COM UAC bypass @ 2020-09-22 16:08:08 -05:00
  • 07a639293f Added few techniques for T1562.001 @ 2020-09-20 23:01:55 -05:00
  • 6c408de3ea Added T1562.004 techniques @ 2020-09-20 22:24:32 -05:00
  • 1a2a4884e8 T1562.002 Disable Windows Event Logging @ 2020-09-20 21:57:42 -05:00
  • ee235baf2d T1140 Certutil Obsc exec @ 2020-09-20 21:42:39 -05:00
  • d652329a8b updated control panel detection @ 2020-09-20 21:05:11 -05:00
  • 07929d190c T1218.002 @ 2020-09-20 21:01:50 -05:00
  • 9e709ffe58 spelling and formatting @ 2020-09-20 20:36:09 -05:00
  • 29d8329562 Merge branch 'master' of github.com:keyboardcrunch/SentinelOne-ATTACK-Queries @ 2020-09-20 20:34:28 -05:00
  • fcc767baac T1218.003 CMSTP @ 2020-09-20 20:33:40 -05:00
  • 4cb3f6421e T1197 @ 2020-09-20 20:25:59 -05:00
  • 6c21202b61 T1055.004 @ 2020-09-20 20:24:24 -05:00
  • 626c91870b Update README.md keyboardcrunch 2020-09-18 22:03:24 -05:00
  • d3151f7337 Update README.md keyboardcrunch 2020-09-18 22:02:52 -05:00
  • 9cca8c70c8 updated readme @ 2020-09-18 18:09:07 -05:00
  • b84a3cf8fc Added T1569.002 service execution @ 2020-09-18 18:08:40 -05:00
  • 639a0757da Updated T1059 techniques @ 2020-09-18 18:01:30 -05:00
  • c17dce22d1 added T1059.003 Windows Command Shell @ 2020-09-18 17:43:37 -05:00
  • ac56189245 T1047 WMIC added @ 2020-09-18 17:34:52 -05:00
  • 9d25442f26 bumped Persistence to completed @ 2020-09-18 16:48:55 -05:00
  • d373a6c56c removed techniques that can't be queried on @ 2020-09-18 16:47:59 -05:00
  • 37fdd37ff2 Added T1505.003 webshell @ 2020-09-18 16:33:59 -05:00
  • 70c5d60778 Added T1505.002 Transport Agent @ 2020-09-18 16:13:35 -05:00
  • e98fca7964 update formatting @ 2020-09-18 16:03:35 -05:00
  • 017733e2ef updated T1053.005 @ 2020-09-18 16:02:59 -05:00
  • afb9bac150 Added T1053.005 Scheduled Tasks @ 2020-09-18 15:52:24 -05:00
  • 6d5b13d208 updated formatting for T1547.001 @ 2020-09-18 15:40:13 -05:00
  • eb9926dcd9 Added T1547.001 techniques @ 2020-09-18 15:39:23 -05:00
  • 210f123b47 title adjustment @ 2020-09-18 14:30:53 -05:00
  • 8bf41bd1eb Added T1176 Browser Extension Installation @ 2020-09-18 14:30:29 -05:00
  • 747886353b added T1197 BITS Jobs @ 2020-09-18 11:49:09 -05:00
  • 1a9bf0677a added T1136.001 Local Account @ 2020-09-18 11:16:12 -05:00
  • fd985833c7 added T1098 Account Manipulation @ 2020-09-18 10:46:39 -05:00
  • 6ef80dde53 updated persistence @ 2020-09-18 09:28:39 -05:00
  • 5a53575d17 fixed file name @ 2020-09-17 22:58:30 -05:00
  • 53544d9fc7 more techniques @ 2020-09-17 22:57:06 -05:00
  • 3fd635488c updated language @ 2020-09-17 21:35:53 -05:00
  • 16d274b826 added T1218.001 compiled html files @ 2020-09-17 21:33:53 -05:00
  • c3ecbc62a5 Added T1070.001 eventlog clearing @ 2020-09-17 21:16:36 -05:00
  • 68e93b08eb added desc to T1027.004 @ 2020-09-17 21:01:31 -05:00
  • c440e902e8 more queries @ 2020-09-17 20:57:35 -05:00
  • 2f1a7813d3 updated queries @ 2020-09-17 19:34:17 -05:00
  • 0746ad946e fix formatting @ 2020-09-17 16:44:50 -05:00
  • 56264d2db1 fix formatting @ 2020-09-17 16:43:33 -05:00
  • b4081d94bb merging changes @ 2020-09-17 16:41:15 -05:00
  • a758a042c5 Update README.md keyboardcrunch 2020-09-16 18:04:11 -05:00
  • a2fd422766 Add files via upload keyboardcrunch 2020-09-16 18:02:19 -05:00
  • 92ce710612 Update DefenseEvasion.md keyboardcrunch 2020-09-16 13:24:41 -05:00
  • 29c34d3d21 Update PrivilegeEscalation.md keyboardcrunch 2020-09-16 13:24:21 -05:00
  • 113a4dd908 Update README.md keyboardcrunch 2020-09-15 22:44:12 -05:00
  • 9b036e6363 Update README.md keyboardcrunch 2020-09-15 22:42:25 -05:00
  • a11206d450 Create README.md keyboardcrunch 2020-09-15 22:35:58 -05:00
  • e0b325f71d Create DefenseEvasion.md keyboardcrunch 2020-09-15 22:28:41 -05:00
  • 30a46908af Update and rename queries.md to PrivilegeEscalation.md keyboardcrunch 2020-09-15 22:09:46 -05:00
  • 289e26e94d Completed PrivEsc tactics. keyboardcrunch 2020-09-15 22:06:57 -05:00
  • 1193f4dad0 Update queries.md keyboardcrunch 2020-09-15 21:38:22 -05:00
  • 94daff9080 Update queries.md keyboardcrunch 2020-09-15 21:10:54 -05:00
  • a64e020479 T1546.002 Screensaver keyboardcrunch 2020-09-15 20:28:52 -05:00
  • 08549f4716 Update queries.md keyboardcrunch 2020-09-15 19:15:32 -05:00
  • 254ec7feb7 Added T1546.013 keyboardcrunch 2020-09-15 17:20:50 -05:00
  • a26444ba8d Update queries.md keyboardcrunch 2020-09-15 17:01:01 -05:00
  • af530aae58 T1134.004 Parent PID Spoofing added keyboardcrunch 2020-09-15 16:47:21 -05:00
  • 2b11a2768b Added T1546.007 netsh helper dll keyboardcrunch 2020-09-15 15:44:50 -05:00
  • cfdf3a71a0 Update queries.md keyboardcrunch 2020-09-15 15:23:25 -05:00
  • 16bd9f43d0 formatting and added technique keyboardcrunch 2020-09-15 14:13:18 -05:00
  • 1aedf1532f Adding T1574.002 and T1078.001 techniques keyboardcrunch 2020-09-15 13:29:47 -05:00