security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 45 Packages Projects Releases Wiki Activity

Merge PR #5638 from @nasbench - Archive new rule references and update cache file

Browse Source 
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2025-09-22 11:41:18 +02:00
committed by GitHub
parent 1751ef8673
commit f76a82ddc9
2 changed files with 470 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/rule-references.txt
+15
View File
@@ -4149,3 +4149,18 @@ https://cloud.google.com/access-context-manager/docs/audit-logging
https://github.com/vari-sh/RedTeamGrimoire/tree/668e0357072546065729ad623f8c02f7be21bb08/Doppelganger
https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks#impossible-travel
https://www.elastic.co/guide/en/security/current/linux-restricted-shell-breakout-via-linux-binary-s.html
https://learn.microsoft.com/en-us/windows/win32/shell/app-registration
https://www.packetlabs.net/posts/scattered-spider-is-a-young-ransomware-gang-exploiting-large-corporations/
https://learn.microsoft.com/en-us/powershell/module/activedirectory/get-adcomputer?view=windowsserver2022-ps
https://learn.microsoft.com/en-us/windows/win32/api/shobjidl_core/nn-shobjidl_core-iexecutecommand
https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#ssh_certificate_authority
https://github.com/LOLBAS-Project/LOLBAS/blob/2cc01b01132b5c304027a658c698ae09dd6a92bf/yml/OSBinaries/Wbadmin.yml
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49144
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
https://learn.microsoft.com/en-us/entra/architecture/security-operations-user-accounts#unusual-sign-ins
https://symantec-enterprise-blogs.security.com/threat-intelligence/harvester-new-apt-attacks-asia
https://www.sans.org/blog/defending-against-scattered-spider-and-the-com-with-cybercrime-intelligence/
https://www.spamhaus.org/reputation-statistics/cctlds/domains/
https://web.archive.org/web/20230329170326/https://blog.menasec.net/2019/02/threat-hunting-21-procdump-or-taskmgr.html