security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,994 Commits 1 Branch 57 Tags
01dc930c173e329c191245b76f05de5fa4b5da21
Commit Graph

543 Commits

Author SHA1 Message Date
Alejandro Ortuno 7c5067ade4 Making it a global rule 2020-11-06 10:25:59 +01:00
Alejandro Ortuno a9a90e024c make it global rule 2020-11-06 09:56:49 +01:00
Alejandro Ortuno 5918cc0a3d remove cat 2020-10-29 09:58:58 +01:00
Alejandro Ortuno 0c0c1725fa refactor detections 2020-10-29 09:34:47 +01:00
yugoslavskiy 167e9745cd Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00
yugoslavskiy 81f6f24155 Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Alejandro Ortuno 80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno 3a58c00feb Removing the echo detection 2020-10-28 10:07:59 +01:00
Alejandro Ortuno e31c8f96e9 added the category 2020-10-28 09:56:01 +01:00
Alejandro Ortuno c83d5a3d65 Added some minor tuning of ip ranges 2020-10-26 09:45:13 +01:00
Alejandro Ortuno 11df6c2566 Sigma rule 2020-10-23 10:16:59 +02:00
Alejandro Ortuno 638fd7eeab Remote system discovery sigma rules for macos and linux 2020-10-22 10:37:29 +02:00
Alejandro Ortuno 5d37c0ee1e Added some modifications to firewall disabling 2020-10-22 10:22:00 +02:00
Ömer Günal afe97c000c Update lnx_system_info_discovery.yml 2020-10-21 21:48:43 +03:00
Ömer Günal 9f7244f019 Update lnx_system_info_discovery.yml 2020-10-21 21:45:23 +03:00
Ömer Günal a2a1b20335 Update lnx_process_discovery.yml 2020-10-21 21:40:46 +03:00
Mikhail Larin c938d917f1 additional processname fix 2020-10-21 18:32:50 +03:00
Mikhail Larin 13d84ac27b rule logic fix 2020-10-21 18:32:02 +03:00
Mikhail Larin c744a1cb47 fix rule logic 2020-10-21 18:29:06 +03:00
Mikhail Larin 7227ed0721 fix rule logic 2020-10-21 18:25:22 +03:00
Alejandro Ortuno 5e5576a91b Fix product 2020-10-21 10:13:28 +02:00
Alejandro Ortuno aa416090e1 Initial sigma rule 2020-10-21 10:09:00 +02:00
Alejandro Ortuno cdabf8e0e8 Sigma rules for network service scanning. 2020-10-21 09:41:40 +02:00
yugoslavskiy 81acc81d10 updated syntax a bit to re-run the test 2020-10-20 19:06:23 +02:00
yugoslavskiy 585770faa3 update syntax a bit to re-run the test 2020-10-20 17:31:00 +02:00
yugoslavskiy 462c92e522 changes a syntax a bit to re-run the test 2020-10-20 17:10:20 +02:00
Yugoslavskiy Daniil e95749e190 fix syntax 2020-10-20 05:10:11 +02:00
Yugoslavskiy Daniil 99b40e4a6a chage list of plist to contains modifier. could be easily bypassed with endswith 2020-10-20 05:09:08 +02:00
Yugoslavskiy Daniil cea24c9984 add macos_disable_security_tools.yml, oscd initiative issue #1012, task number 60 2020-10-20 05:06:43 +02:00
Yugoslavskiy Daniil 2890adf093 add macos_xattr_gatekeeper_bypass.yml, oscd initiative issue #1012, task number 55 2020-10-20 04:34:02 +02:00
Yugoslavskiy Daniil 5a8c7cd3f9 add missing falcond 2020-10-20 04:00:16 +02:00
Yugoslavskiy Daniil 6f3ac02cb3 add lnx_security_software_discovery.yml, oscd initiative issue #1011, task number 26 2020-10-20 03:57:41 +02:00
Yugoslavskiy Daniil f0663c8412 add macos_security_software_discovery.yml, oscd initiative issue #1012, task number 41 2020-10-20 03:46:41 +02:00
Yugoslavskiy Daniil 491f9d023c add lnx_file_and_directory_discovery.yml, oscd initiative issue #1011, task number 18 2020-10-20 03:05:32 +02:00
Yugoslavskiy Daniil 7c50729388 add macos_file_and_directory_discovery.yml, oscd initiative issue #1012, task number 28 2020-10-20 02:58:08 +02:00
Yugoslavskiy Daniil 34591f9f64 add lnx_system_network_connections_discovery.yml, oscd initiative issue #1011, task number 8 2020-10-20 01:17:06 +02:00
Yugoslavskiy Daniil 941fbebcdc add macos_system_network_connections_discovery.yml, oscd initiative issue #1012, task number 14 2020-10-20 01:14:56 +02:00
Yugoslavskiy Daniil 272fbcc378 fix title 2020-10-20 00:47:02 +02:00
Yugoslavskiy Daniil f0060dec67 fix title 2020-10-20 00:44:23 +02:00
Yugoslavskiy Daniil 1ecb2c1932 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:39:06 +02:00
Yugoslavskiy Daniil 8b01062d17 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:37:53 +02:00
Yugoslavskiy Daniil cc3ef973c0 add macos_base64_decode.yml, oscd initiative issue #1012, task number 3 2020-10-20 00:36:21 +02:00
Tim I 0323e50011 Detect credential access for macOS via Keychain 2020-10-19 23:37:46 +03:00
Mikhail Larin f75654a3f5 fix indentation 2020-10-19 18:19:38 +03:00
Mikhail Larin fe6459d07e commit to restart checker 2020-10-19 17:20:43 +03:00
Mikhail Larin ddc2d2635d fix wrong tactic 2020-10-19 17:16:22 +03:00
Mikhail Larin 42cc1dc552 fix non-present binary 2020-10-19 17:01:23 +03:00
Mikhail Larin e0e81b5c25 fix newlines 2020-10-19 16:45:42 +03:00
Mikhail Larin a64a70f7ed fix nelwines 2020-10-19 16:44:18 +03:00
Mikhail Larin 85adbc3137 fix newlines 2020-10-19 16:42:43 +03:00