{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":731097394,"defaultBranch":"master","name":"CB-Threat-Hunting","ownerLogin":"Sam0x90","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2023-12-13T10:55:29.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/13771868?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1702464935.959711","currentOid":""},"activityList":{"items":[{"before":"ca789390c763ffbc505d87852a55da61167ebe84","after":"18e23186ad7bf6b8eabc9e76fa44a54eacde623c","ref":"refs/heads/master","pushedAt":"2024-06-22T20:28:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new detection for malicious usage of bcdedit","shortMessageHtmlLink":"new detection for malicious usage of bcdedit"}},{"before":"fa06fb75603163fe4ffc7ed4f86d7b050fa87613","after":"ca789390c763ffbc505d87852a55da61167ebe84","ref":"refs/heads/master","pushedAt":"2024-06-14T09:33:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"adding detection for office document loading vbs","shortMessageHtmlLink":"adding detection for office document loading vbs"}},{"before":"5aa82bc77e4cfd097a924ebac0afaf69429c8242","after":"fa06fb75603163fe4ffc7ed4f86d7b050fa87613","ref":"refs/heads/master","pushedAt":"2024-06-10T21:45:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"re-commit of latest IcedID TheDFIRReport detections","shortMessageHtmlLink":"re-commit of latest IcedID TheDFIRReport 
detections"}},{"before":"2551ad2dd991c2fa7918837744fd1df0cb8588ee","after":"5aa82bc77e4cfd097a924ebac0afaf69429c8242","ref":"refs/heads/master","pushedAt":"2024-06-10T21:21:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"adding detection from latest IcedID report by TheDFIRReport","shortMessageHtmlLink":"adding detection from latest IcedID report by TheDFIRReport"}},{"before":"a687e485acd4bc77ed73f6ea96f3520b167d1f5d","after":"2551ad2dd991c2fa7918837744fd1df0cb8588ee","ref":"refs/heads/master","pushedAt":"2024-05-11T19:06:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"adding detection for windowscodecs dll search order hijack via calc","shortMessageHtmlLink":"adding detection for windowscodecs dll search order hijack via calc"}},{"before":"7524305ec840e0deceb5387d34456f0683e47aae","after":"a687e485acd4bc77ed73f6ea96f3520b167d1f5d","ref":"refs/heads/master","pushedAt":"2024-05-10T16:49:44.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Update README.md","shortMessageHtmlLink":"Update README.md"}},{"before":"0cf04115cab3e10ea70721a87e66648759c15210","after":"7524305ec840e0deceb5387d34456f0683e47aae","ref":"refs/heads/master","pushedAt":"2024-05-10T16:49:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Update README.md for detection format","shortMessageHtmlLink":"Update README.md for detection 
format"}},{"before":"45e5aa168d59b7cc5fb60f0fb83cb4237e6941c5","after":"0cf04115cab3e10ea70721a87e66648759c15210","ref":"refs/heads/master","pushedAt":"2024-05-10T14:48:29.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"updating reference for fancy bear aka apt28 detections","shortMessageHtmlLink":"updating reference for fancy bear aka apt28 detections"}},{"before":"8a8e87c9d5a3575205f0d3036618557dbaba9b57","after":"45e5aa168d59b7cc5fb60f0fb83cb4237e6941c5","ref":"refs/heads/master","pushedAt":"2024-05-10T14:44:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new detections for fancy bear aka apt28","shortMessageHtmlLink":"new detections for fancy bear aka apt28"}},{"before":"e429a3b07a701de0bc9808c3c1a2a2c37ee1b792","after":"8a8e87c9d5a3575205f0d3036618557dbaba9b57","ref":"refs/heads/master","pushedAt":"2024-05-08T05:10:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Fixed query as suggested by @__Parman__ on X\n\nhttps://x.com/__Parman__/status/1788027057479229527","shortMessageHtmlLink":"Fixed query as suggested by @__Parman__ on X"}},{"before":"df6f989b6215b1c4fe58f7084919a88f7b10275c","after":"e429a3b07a701de0bc9808c3c1a2a2c37ee1b792","ref":"refs/heads/master","pushedAt":"2024-05-07T19:48:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"adding detection for Inc RW from Huntress post","shortMessageHtmlLink":"adding detection for Inc RW from Huntress 
post"}},{"before":"e110407fda88c2a5f4b133ff34440af9e968b59d","after":"df6f989b6215b1c4fe58f7084919a88f7b10275c","ref":"refs/heads/master","pushedAt":"2024-05-07T07:26:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new detections related to APT42","shortMessageHtmlLink":"new detections related to APT42"}},{"before":"5ad1f00f1e107ceaaf07f5e104164dd3df1348ac","after":"e110407fda88c2a5f4b133ff34440af9e968b59d","ref":"refs/heads/master","pushedAt":"2024-05-04T10:40:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"adding detection for xp_cmdshell","shortMessageHtmlLink":"adding detection for xp_cmdshell"}},{"before":"0f718bffcc711dcccd73a7411377d29ff85e5263","after":"5ad1f00f1e107ceaaf07f5e104164dd3df1348ac","ref":"refs/heads/master","pushedAt":"2024-05-04T08:23:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Adding PowerUpSQL detection","shortMessageHtmlLink":"Adding PowerUpSQL detection"}},{"before":"442655eecbdd8826a410c97340596b9511eeca4c","after":"0f718bffcc711dcccd73a7411377d29ff85e5263","ref":"refs/heads/master","pushedAt":"2024-05-04T08:21:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Updating description for powersploit detection","shortMessageHtmlLink":"Updating description for powersploit 
detection"}},{"before":"3875e84c0020986a539fca529bbe80153846a926","after":"442655eecbdd8826a410c97340596b9511eeca4c","ref":"refs/heads/master","pushedAt":"2024-04-30T06:17:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Adjusting whitelisting in wmic loading scripting libraries","shortMessageHtmlLink":"Adjusting whitelisting in wmic loading scripting libraries"}},{"before":"868c5513a6e32169d040b9227a2ad22485cebd44","after":"3875e84c0020986a539fca529bbe80153846a926","ref":"refs/heads/master","pushedAt":"2024-04-30T05:42:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Fixing system username in scheduled task detection","shortMessageHtmlLink":"Fixing system username in scheduled task detection"}},{"before":"03b4eb85bb4ae95507d7bb020d2e003deccad674","after":"868c5513a6e32169d040b9227a2ad22485cebd44","ref":"refs/heads/master","pushedAt":"2024-04-29T21:28:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new set of detections for credential dumping and defense evasion","shortMessageHtmlLink":"new set of detections for credential dumping and defense evasion"}},{"before":"99094ee9060cc1ee9930c456a50d83c1c4a9ae75","after":"03b4eb85bb4ae95507d7bb020d2e003deccad674","ref":"refs/heads/master","pushedAt":"2024-04-29T18:55:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new credential dumping detections based on Purple Teaming","shortMessageHtmlLink":"new credential 
dumping detections based on Purple Teaming"}},{"before":"836b4295438e91b8fc5d2d302da72072ff84c924","after":"99094ee9060cc1ee9930c456a50d83c1c4a9ae75","ref":"refs/heads/master","pushedAt":"2024-04-29T18:29:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"fixing few rules after purple teaming","shortMessageHtmlLink":"fixing few rules after purple teaming"}},{"before":"1d137f04e28aa30c4c9fb4e0006ab59ed3d37d6a","after":"836b4295438e91b8fc5d2d302da72072ff84c924","ref":"refs/heads/master","pushedAt":"2024-04-29T05:17:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Whitelisting localhost in ADWS detection","shortMessageHtmlLink":"Whitelisting localhost in ADWS detection"}},{"before":"50ac48ac8722f92cac26ffc18d7762233da2a757","after":"1d137f04e28aa30c4c9fb4e0006ab59ed3d37d6a","ref":"refs/heads/master","pushedAt":"2024-04-28T15:32:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Update README.md with detection tips","shortMessageHtmlLink":"Update README.md with detection tips"}},{"before":"91e867343b817f0db1856b3fa3118611ba30056e","after":"50ac48ac8722f92cac26ffc18d7762233da2a757","ref":"refs/heads/master","pushedAt":"2024-04-28T15:30:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Update readme with detection tips bis","shortMessageHtmlLink":"Update readme with detection tips 
bis"}},{"before":"016ac06bf96494f67445c4bdecc8e65d7325d82b","after":"91e867343b817f0db1856b3fa3118611ba30056e","ref":"refs/heads/master","pushedAt":"2024-04-28T15:27:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"update the readme with detection tips","shortMessageHtmlLink":"update the readme with detection tips"}},{"before":"ea19e9feefe9258c352bb8383e6155e4f3595e05","after":"016ac06bf96494f67445c4bdecc8e65d7325d82b","ref":"refs/heads/master","pushedAt":"2024-04-28T12:08:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"first batch of update and new rules after purple teaming TOP35 MITRE TTP","shortMessageHtmlLink":"first batch of update and new rules after purple teaming TOP35 MITRE TTP"}},{"before":"eed5e7d6971c2d8bdcf02b6853689864f2805906","after":"ea19e9feefe9258c352bb8383e6155e4f3595e05","ref":"refs/heads/master","pushedAt":"2024-04-18T13:36:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new set of detections","shortMessageHtmlLink":"new set of detections"}},{"before":"ce60203779085afe812e206ee5ba427ee7d63e0d","after":"eed5e7d6971c2d8bdcf02b6853689864f2805906","ref":"refs/heads/master","pushedAt":"2024-04-18T08:05:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"new sigma detection and wineloader coverage","shortMessageHtmlLink":"new sigma detection and wineloader 
coverage"}},{"before":"13bfb8a0c3e0d916ab065b6b0b68a5bac3417e70","after":"ce60203779085afe812e206ee5ba427ee7d63e0d","ref":"refs/heads/master","pushedAt":"2024-04-18T05:11:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Removing cmdline with multiple escape space","shortMessageHtmlLink":"Removing cmdline with multiple escape space"}},{"before":"5b846b33aaad300878ef2b70e50427acaafef093","after":"13bfb8a0c3e0d916ab065b6b0b68a5bac3417e70","ref":"refs/heads/master","pushedAt":"2024-04-17T20:11:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"minor update mainly names","shortMessageHtmlLink":"minor update mainly names"}},{"before":"f47c3bedbf4b90258a11d18772070e6d4ff9fa73","after":"5b846b33aaad300878ef2b70e50427acaafef093","ref":"refs/heads/master","pushedAt":"2024-04-17T06:20:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"Sam0x90","name":null,"path":"/Sam0x90","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/13771868?s=80&v=4"},"commit":{"message":"Adding double extension masquerading detection","shortMessageHtmlLink":"Adding double extension masquerading detection"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEbHI4jgA","startCursor":null,"endCursor":null}},"title":"Activity · Sam0x90/CB-Threat-Hunting"}