Andreas Hunkeler Karneades

#DFIR; author of the incident response card game Defensomania; persistent persistence hunter; see CyberTriad on how to spot Antifragility in cyber security.

92 followers · 10 following

Exeon Analytics

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

1 file
0 forks
0 comments
1 star

Karneades / Get-SigmaRegistryKeys.ps1

Last active June 23, 2020 10:22

Extract registry keys from Sigma rules (see https://github.com/Neo23x0/sigma)

	<#
	Requires PowerShell module powershell-yaml (https://github.com/cloudbase/powershell-yaml)

	See https://github.com/swisscom/PowerGRR/wiki/Use-registry-keys-from-Sigma-rules-as-input-for-PowerGRR-registry-flows.

	The first wildcard will be replace by both HKLM and HKCU,
	additional wildcards will be left as they are, e.g. values
	in CurrentControlSet or ControlSet001 would be found.

	PS> Get-SigmaRegistryKeys ..\apt_chafer_mar18_only_one_key.yml.txt

NewerOlder