blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	00f3055035	split global net_susp_network_scan.yml	2021-09-21 19:47:28 +02:00
$frack113$ frack113	b5e91d7185	fix field name and date	2021-09-21 19:41:46 +02:00
$frack113$ frack113	d37685d7cc	split global win_cobaltstrike_service_installs.yml	2021-09-21 19:36:34 +02:00
$frack113$ frack113	06a07605fd	split global win_mal_creddumper.yml	2021-09-21 19:31:52 +02:00
$frack113$ frack113	dde3b17c20	split global win_mal_service_installs.yml	2021-09-21 16:17:59 +02:00
$frack113$ frack113	518d294ee9	fix id error	2021-09-21 16:06:27 +02:00
$frack113$ frack113	b9d14ef55a	split global win_metasploit_or_impacket_smb_psexec_service_install.yml	2021-09-21 16:02:47 +02:00
$frack113$ frack113	9dbc71ca2f	split global win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml	2021-09-21 15:50:06 +02:00
$frack113$ frack113	0dd549ba67	fix selection name	2021-09-21 15:25:03 +02:00
$frack113$ frack113	7c8d1ab037	split global win_moriya_rootkit.yml	2021-09-21 15:18:25 +02:00
$frack113$ frack113	a4ad7e5358	split global win_net_ntlm_downgrade.yml	2021-09-21 15:10:08 +02:00
$frack113$ frack113	a5c8fba7a5	fix error	2021-09-21 15:01:51 +02:00
$frack113$ frack113	20a785bad3	split global win_powershell_script_installed_as_service.yml	2021-09-21 13:55:04 +02:00
$frack113$ frack113	8c13bd23b9	split global win_powershell_web_request	2021-09-21 13:44:19 +02:00
$frack113$ frack113	ba3c7a020a	split global win_root_certificate_installed.yml	2021-09-21 13:34:32 +02:00
$frack113$ frack113	6368a88ad3	split global win_software_discovery.yml	2021-09-21 13:28:47 +02:00
$frack113$ frack113	332bed7906	split global win_susp_eventlog_cleared.yml	2021-09-21 13:22:40 +02:00
$frack113$ frack113	99f24a95a6	split global win_susp_failed_logons_single_source.yml	2021-09-21 13:19:00 +02:00
$frack113$ frack113	06ed7c41af	split clobal win_tap_driver_installation.yml	2021-09-21 13:15:21 +02:00
$frack113$ frack113	5951ad1d9a	Merge pull request #2056 from frack113/some_global Split global rules	2021-09-21 12:42:59 +02:00
$frack113$ frack113	d5e1e97ed3	Merge pull request #2055 from frack113/split_invoke split global win_invoke_obfuscation_*	2021-09-21 12:42:41 +02:00
$frack113$ frack113	0884a70e28	fix tests.py error	2021-09-21 10:52:37 +02:00
$frack113$ frack113	4718f914e9	split global sysmon_hack_dumpert.yml	2021-09-21 10:43:42 +02:00
$frack113$ frack113	5fc82e5dc6	split global sysmon_tttracer_mod_load.yml	2021-09-21 10:39:02 +02:00
$frack113$ frack113	4c85858e12	split global sysmon_regsvr32_network_activity.yml	2021-09-21 10:33:47 +02:00
$frack113$ frack113	c0e24e9236	split global win_defender_disabled.yml	2021-09-21 10:24:52 +02:00
$frack113$ frack113	2b23118b0d	split global win_defender_exclusions.yml	2021-09-21 10:16:25 +02:00
$frack113$ frack113	318f8b714e	split global win_tool_psexec.yml	2021-09-21 10:10:48 +02:00
$frack113$ frack113	a96dd66b46	split global win_wmi_persistence.yml	2021-09-21 09:56:03 +02:00
$frack113$ frack113	0a6ac0b171	split global powershell_alternate_powershell_hosts.yml	2021-09-21 09:52:35 +02:00
$frack113$ frack113	f5d58a0cb1	split powershell_remote_powershell_session.yml	2021-09-21 09:48:50 +02:00
$frack113$ frack113	95af26f963	split powershell_suspicious_download.yml	2021-09-21 09:46:02 +02:00
$frack113$ frack113	10d11b7890	fix 4697 fieldname	2021-09-20 22:53:59 +02:00
$frack113$ frack113	b6dc4de5e1	split global win_invoke_obfuscation_*	2021-09-20 22:42:59 +02:00
$frack113$ frack113	feee70644f	split global win_invoke_obfuscation_*	2021-09-20 22:40:33 +02:00
neu5ron	61c9c9fb20	Zeek detection for OMIGOD HTTP RCE Signed-off-by: neu5ron <neu5ron@users.noreply.github.com>	2021-09-20 12:26:01 -04:00
Florian Roth	a18f4d3c10	Merge pull request #2053 from humpalum/master Rule for ADSelfService cve_2021_40539	2021-09-20 16:41:52 +02:00
$frack113$ frack113	6dbc369eb5	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 15:51:21 +02:00
$frack113$ frack113	4424bc9c5d	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:20:39 +02:00
Florian Roth	56069a2196	Update web_cve_2021_40539_adselfservice.yml	2021-09-20 13:07:31 +02:00
Florian Roth	8909eefb90	Merge pull request #2052 from phantinuss/pr xwizard dll sideloading	2021-09-20 12:35:42 +02:00
Tobias Michalski	2b843e58ee	fix: added references	2021-09-20 12:28:47 +02:00
Tobias Michalski	79d2144424	feat: Rule for ADSelfService cve_2021_40539	2021-09-20 12:26:46 +02:00
phantinuss	25a407e24f	Update win_dll_sideload_xwizard.yml	2021-09-20 10:56:37 +02:00
Florian Roth	6c630502dc	Update win_dll_sideload_xwizard.yml	2021-09-20 10:54:53 +02:00
$frack113$ frack113	91788e57c7	Merge pull request #2051 from frack113/double_file_name fix duplicate name file	2021-09-20 10:45:35 +02:00
phantinuss	4e794fe3e7	xwizard dll sideloading	2021-09-20 10:39:31 +02:00
$frack113$ frack113	6286cf80cc	fix duplicate name file	2021-09-20 09:31:04 +02:00
$frack113$ frack113	d5108502a2	split win_apt_chafer_mar18.yml	2021-09-19 11:48:20 +02:00
$frack113$ frack113	faff9e6db7	spli win_apt_slingshot.yml	2021-09-19 11:36:40 +02:00

1 2 3 4 5 ...

6013 Commits