Kostas

Results 3 issues of Kostas

### Summary of the Pull Request

This PR introduces a set of Sigma rules originally published in my personal repository (https://github.com/tsale/Sigma_rules). The project was created to include unique rules based...

Rules
Work In Progress
Windows

### Summary of the Pull Request

Updated author formatting in multiple rules for consistency. Added example command line to the PowerShell download cradle rule. Adjusted detection criteria in the PowerShell...

Rules
Windows
Emerging-Threats
Ready to Merge

### Summary of the Pull Request

Two new detection rules for identifying potential abuse of OpenEDR's remote management features as described [here](https://kostas-ts.medium.com/detecting-abuse-of-openedrs-permissive-edr-trial-a-security-researcher-s-perspective-fc55bf53972c). OpenEDR cloud-based solution, powered by XCitium, includes RMM...

Rules
Author Input Required
Windows