Charles BLANC-ROLIN
Script for Elasticsearch / Logstash daily cleanup
CVE-2021-34473 / ProxyShell Detection
Selks 6 > Selks 7 migration On Selks 6, backup your configuration : 1. Use the manage.py script to open dbshell : selks-user@computer:~$ sudo -s root@computer:/home/selks-user# cd /usr/share/python/scirius/ && ....
😉 The best way, I think, is to install a clean SELKS 7 and import your SELKS 6 configuration. You can download the ISO here: https://www.stamus-networks.com/selks#Download Sha256 sums are available here...
Fixed errors for write_dac & write_owner on container. New rule for remote dll injection failed on DNS Server suggested.
Thanks for your reply @pevma! I have the last version of Scirius, always tagged 3.8.0, but it's updated (new date in © section): Another issue observed when I...
Thanks for your reply @pevma. Update is OK, I've verified in the scirius.rules file in the container and my new rules have been added: But, the file is not...
> Please check, it is already covered by https://github.com/SigmaHQ/sigma/blob/85fd5958bcccdf12984ab5cc9230fcaf2d42c1e0/rules/windows/builtin/security/win_security_audit_log_cleared.yml Hi @frack113, Thanks for your answer. Unfortunately this rule seems to have never worked for me, and after investigations, I...
Hi @frack113, Here is a sample from my lab: Nom du journal :Security Source : Microsoft-Windows-Eventlog Date : 22/04/2025 23:33:14 ID de l’événement :1102 Catégorie de la tâche :Effacement...