s/DeepWhite/DeepBlueHash

sans-blue-team · Jan 5, 2022 · 0f6a93b · 0f6a93b
1 parent 15999a1
commit 0f6a93b
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/DeepWhite-checker.ps1 → DeepBlueHash-checker.ps1 b/DeepWhite-checker.ps1 → DeepBlueHash-checker.ps1
diff --git a/DeepWhite-collector.ps1 → DeepBlueHash-collector.ps1 b/DeepWhite-collector.ps1 → DeepBlueHash-collector.ps1
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Sample evtx files are in the .\evtx directory
 - [Output](#output)
 - [Logging setup](#logging-setup)
 - See the [DeepBlue.py Readme](READMEs/README-DeepBlue.py.md) for information on DeepBlue.py
-- See the [DeepWhite Readme](READMEs/README-DeepWhite.md) for information on DeepWhite (detective safelisting using Sysmon event logs)
+- See the [DeepBlueHash Readme](READMEs/README-DeepBlueHash.md) for information on DeepBlueHash (detective safelisting using Sysmon event logs)
 
 ## Usage:
 
@@ -155,7 +155,7 @@ Thank you: [@heinzarelli](https://twitter.com/heinzarelli) and [@HackerHurricane
 
 Install Sysmon from Sysinternals: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
 
-DeepBlue and DeepWhite currently use Sysmon events, 1, 6 and 7.
+DeepBlue and DeepBlueHash currently use Sysmon events, 1, 6 and 7.
 
 Log SHA256 hashes. Others are fine; DeepBlueCLI will use SHA256.
 
diff --git a/READMEs/README-DeepWhite.md → READMEs/README-DeepBlueHash.md b/READMEs/README-DeepWhite.md → READMEs/README-DeepBlueHash.md
@@ -1,4 +1,4 @@
-# DeepWhite
+# DeepBlueHash
 
 Detective safelisting using Sysmon event logs.
 
@@ -26,7 +26,7 @@ The script assumes a personal API key, and waits 15 seconds between submissions.
 
 Sysmon is required: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
 
-Must log the SHA256 hash, DeepWhite will ignore the others.
+Must log the SHA256 hash, DeepBlueHash will ignore the others.
 
 This minimal Sysmon 6.0 config will log the proper events/hashes. Note that image (DLL) logging may create performance issues. This config ignores DLLs signed by Microsoft (which should lighten the load), but please test!
 
@@ -53,7 +53,7 @@ This minimal Sysmon 6.0 config will log the proper events/hashes. Note that imag
   </EventFiltering>
 </Sysmon>
 ```
-These are the events used by DeepBlueCLI and DeepWhite.
+These are the events used by DeepBlueCLI and DeepBlueHash.
 
 You can go *much* further than this with Sysmon. The Sysinternals Sysmon page has a good basic configuration: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon