#DFIR #Python #YARA #Golang #SIEM #SOC #Sigma #Malware
NextronSystems/APTSimulator Public
A toolset to make a system look as if it was the victim of an APT attack
2,048 contributions in the last year
Contribution activity
November 2021
Created 200 commits in 8 repositories
Opened 28 pull requests in 2 repositories
SigmaHQ/sigma: 1 open, 26 merged
- Aurora false positive fixing
- Aurora false positive fixing
- Suspicious LSASS Process Clone
- fix: FPs noticed with Aurora
- fix: regex in lolbas rules
- Aurora false positive fixing
- fix: FPs noticed with Aurora
- fix: FPs
- fix: FP with suspicious svchost.exe rule
- fix: FPs with rules
- Aurora false positive fixing
- refactor: change rule for CVE-2021-42321 exploitation
- refactor: reworked psexec / paexec rules
- Aurora false positive fixing
- Aurora false positive fixing
- rules: InstallerFileTakeOver LPE CVE-2021-41379
- Aurora false positive fixing
- fix: FPs with Aurora
- fix: 0x1000 access on LSASS, rule: new LSASS access, rule: CVE-2021-41379
- fix: FPs; rule: Windows Shell File Write to Suspicious Folder
- fix: fixing several false positives
- rule: SiteCore PreAuth RCE, Winrar; fix: FPs
- Fixing FPs with memory access rules, new rule for suspicious new Tasks
- fix: FPs in different rules
- LSASS memory dump files, FP fix
- Some pull requests not shown.
