admin/RmEye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

秋季更新

Browse Source 
秋季更新
This commit is contained in:
huoji
2022-09-20 18:31:15 +08:00
parent 5fcfd6ec02
commit 05aea0a27b
25 changed files with 781 additions and 849 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Server/plugins/mimikazt_detect/mimikatz_detect.py
View File

@@ -34,7 +34,7 @@ mimikatz_dll_list = [
def rule_new_process_create(current_process: process.Process, host, raw_log_data, json_log_data):
# 服务端提供了一个 plugin_var 变量用于存放当前进程插件的上下文
if current_process.path != 'c:\\windows\\system32\\wbem\\wmic.exe' and current_process.parent_process.path != 'c:\\windows\\system32\\svchost.exe':
if current_process.path != 'c:\\windows\\system32\\wbem\\wmic.exe' and current_process.parent_process.path != 'c:\\windows\\system32\\svchost.exe' and current_process.path != 'c:\\windows\\system32\\svchost.exe':
current_process.plugin_var['mimikatz_matched_num'] = 0
current_process.plugin_var['mimikatz_detected'] = False
return global_vars.THREAT_TYPE_NONE