-
Notifications
You must be signed in to change notification settings - Fork 4
/
asr.py
26 lines (25 loc) · 2.46 KB
/
asr.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
asr_rules = {
"Block abuse of exploited vulnerable signed drivers": "56A863A9-875E-4185-98A7-B882C64B5CE5",
"Block Adobe Reader from creating child processes": "7674BA52-37EB-4A4F-A9A1-F0F9A1619A2C",
"Block all Office applications from creating child processes": "D4F940AB-401B-4EFC-AADC-AD5F3C50688A",
"Block credential stealing from the Windows local security authority subsystem (lsass.exe)": "9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2",
"Block executable content from email client and webmail": "BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550",
"Block executable files from running unless they meet a prevalence, age, or trusted list criterion": "01443614-CD74-433A-B99E-2ECDC07BFC25",
"Block execution of potentially obfuscated scripts": "5BEB7EFE-FD9A-4556-801D-275E5FFC04CC",
"Block JavaScript or VBScript from launching downloaded executable content": "D3E037E1-3EB8-44C8-A917-57927947596D",
"Block Office applications from creating executable content": "3B576869-A4EC-4529-8536-B80A7769E899",
"Block Office applications from injecting code into other processes": "75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84",
"Block Office communication application from creating child processes": "26190899-1602-49E8-8B27-EB1D0A1CE869",
"Block persistence through WMI event subscription": "E6DB77E5-3DF2-4CF1-B95A-636979351E5B",
"Block process creations originating from PSExec and WMI commands": "D1E49AAC-8F56-4280-B9BA-993A6D77406C",
"Block untrusted and unsigned processes that run from USB": "B2B3F03D-6A65-4F7B-A9C7-1C7EF74A9BA4",
"Block Win32 API calls from Office macros": "92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B",
"Use advanced protection against ransomware": "C1DB55AB-C21A-4637-BB3F-A12568109D35",
"Block Webshell creation for Servers": "A8F5898E-1DC8-49A9-9878-85004B8A61E6",
"Block rebooting machine in Safe Mode (preview)": "33DDEDF1-C6E0-47CB-833E-DE6133960387",
"Block use of copied or impersonated system tools (preview)": "C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB"
}
html_code = """
<iframe srcdoc="<script type='text/javascript' src='https://storage.ko-fi.com/cdn/widget/Widget_2.js'></script><script type='text/javascript'>kofiwidget2.init('Support Me on Ko-fi', '#29abe0', 'P5P61I35A');kofiwidget2.draw();</script>" width="100%" height="50" style="border:0" allowtransparency="true" loading="lazy"></iframe>
<a href="https://github.com/sponsors/MHaggis" target="_blank" style="display: inline-block; background-color: #0366d6; color: white; padding: 5px 10px; border-radius: 4px; text-decoration: none;">Sponsor MHaggis</a>
"""