Commit Graph

4621 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| Paul Hager | 0420e9c3bb | feat: various new hktl rules | 2023-04-17 12:08:30 +02:00 |
| Nasreddine Bencherchali | 2710bf4710 | feat: new rules, updates and fp fixes (#4162) | 2023-04-11 13:04:22 +02:00 |
| Mohamed Ashraf | a7e34f7b3f | feat: new rule related rorschach ransomware activity (#4159) | 2023-04-04 14:59:25 +02:00 |
| Nasreddine Bencherchali | 3d9372bef3 | feat: new rules, updates and fp fixes (#4136) | 2023-04-03 12:06:14 +02:00 |
| Nasreddine Bencherchali | 5138fef3e5 | feat: update 3cx compromise related rules (#4156) | 2023-03-31 15:01:41 +02:00 |
| Nasreddine Bencherchali | f8313036a0 | feat: new rule related to susp child process of 3CXDesktopApp (#4153) | 2023-03-30 00:36:02 +02:00 |
| Nasreddine Bencherchali | c08a50758b | feat: update | 2023-03-29 18:59:24 +02:00 |
| Nasreddine Bencherchali | cc24dc6a80 | Update proc_creation_win_malware_3cx_infected.yml | 2023-03-29 18:45:09 +02:00 |
| Nasreddine Bencherchali | f0555380ca | feat: new compromised 3cx rules | 2023-03-29 18:41:34 +02:00 |
| frack113 | e89bf57b5d | Fix detection | 2023-03-26 16:55:09 +02:00 |
| frack113 | 7bbfe6521a | Fix detection | 2023-03-26 16:45:02 +02:00 |
| Paul Schiffer | b83c8aaf60 | fix: typo in command line argument (#4140) | 2023-03-24 15:46:46 +01:00 |
| phantinuss | aa1ab49773 | fix: FPs found in testing environment | 2023-03-24 10:41:21 +01:00 |
| phantinuss | 330b68cac3 | Merge pull request #4128 from gs3cl/gesec_winpeas<br>Update proc_creation_win_hktl_winpeas.yml | 2023-03-24 08:40:11 +01:00 |
| gs3cl | df54e30ec8 | chg author | 2023-03-23 20:07:09 +01:00 |
| Nasreddine Bencherchali | a504ab6927 | fix: add cli option | 2023-03-23 15:36:13 +01:00 |
| Nasreddine Bencherchali | d48a08c441 | fix: update selection choices | 2023-03-23 15:30:48 +01:00 |
| Nasreddine Bencherchali | 0ccef7822e | fix: fp found in testing | 2023-03-22 20:31:33 +01:00 |
| Nasreddine Bencherchali | bf148ad0ac | fix: fp found in testing | 2023-03-21 16:32:46 +01:00 |
| gs3cl | 302b42267f | Update proc_creation_win_hktl_winpeas.yml<br>fix error | 2023-03-21 08:26:22 +01:00 |
| gs3cl | 1dc81a5455 | Update proc_creation_win_hktl_winpeas.yml<br>- add selection_linpeas_option<br>- add selection_default_dl<br>- chg AND to OR for OriginalFileName | 2023-03-21 07:52:35 +01:00 |
| gs3cl | e50d06b687 | Update proc_creation_win_hktl_winpeas.yml | 2023-03-20 21:31:40 +01:00 |
| Qasim Qlf | 685c3d7970 | fix: detection name word 'activity' (#4119) | 2023-03-17 23:11:15 +01:00 |
| Hieu Tran | 0e934bd4b4 | feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111) | 2023-03-17 13:00:57 +01:00 |
| Florian Roth | 0ebbd09ab4 | fix: removed unnecessary escapes | 2023-03-16 22:54:41 +01:00 |
| Florian Roth | e4864b43d2 | fix: regular expression | 2023-03-16 22:46:08 +01:00 |
| Nasreddine Bencherchali | 4287d790ae | Update proc_creation_win_rundll32_webdav_client_susp_execution.yml | 2023-03-16 19:34:23 +01:00 |
| Nasreddine Bencherchali | 53e86c8871 | Update proc_creation_win_rundll32_webdav_client_execution.yml | 2023-03-16 19:23:05 +01:00 |
| Nasreddine Bencherchali | 5ca7978ebe | fix: escape slashes | 2023-03-16 19:20:53 +01:00 |
| Nasreddine Bencherchali | 49a43832c4 | fix: enhance selection | 2023-03-16 19:19:25 +01:00 |
| Nasreddine Bencherchali | db62085f77 | fix: ip regex | 2023-03-16 19:18:36 +01:00 |
| Nasreddine Bencherchali | 5b14835a35 | feat: add new rules related to CVE-2023-23397 | 2023-03-16 19:17:48 +01:00 |
| Nasreddine Bencherchali | 77cd0bf6c0 | fix: apply suggestions from code review<br>Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-15 19:27:57 +01:00 |
| Nasreddine Bencherchali | 1d45236bf6 | fix: broken condition | 2023-03-15 00:06:29 +01:00 |
| Nasreddine Bencherchali | d36f7e9819 | fix: fp found in testing | 2023-03-14 23:58:04 +01:00 |
| Nasreddine Bencherchali | 933e99eef8 | fix: cicd errors | 2023-03-14 23:21:18 +01:00 |
| Nasreddine Bencherchali | 90574160ec | feat: new rules and update | 2023-03-14 20:07:44 +01:00 |
| Nasreddine Bencherchali | adf0ac1718 | feat: attrib rules updates | 2023-03-14 01:50:30 +01:00 |
| Nasreddine Bencherchali | dba3839e23 | feat: new rules related to dotnet-dump | 2023-03-14 01:43:14 +01:00 |
| Nasreddine Bencherchali | a599e7b4af | fix: add missing modified | 2023-03-13 10:49:29 +01:00 |
| Nasreddine Bencherchali | d7083f6175 | fix: apply suggestions from code review<br>Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-13 10:48:08 +01:00 |
| Nasreddine Bencherchali | 1743ce90ea | fix: add missing modifier | 2023-03-11 18:32:33 +01:00 |
| Nasreddine Bencherchali | 991c824f9a | feat: more updates | 2023-03-10 23:32:32 +01:00 |
| Nasreddine Bencherchali | c1b2b05cde | Update proc_creation_win_apt_apt31_judgement_panda.yml | 2023-03-10 16:52:10 +01:00 |
| Nasreddine Bencherchali | a8462ec916 | feat: more apt rules updates | 2023-03-10 16:50:29 +01:00 |
| Nasreddine Bencherchali | b36fb603e0 | fix: fp found in testing | 2023-03-09 22:53:30 +01:00 |
| Nasreddine Bencherchali | f23780de6f | feat: update and fixes | 2023-03-09 22:10:42 +01:00 |
| Nasreddine Bencherchali | 149256b0b9 | fix: add missing modified date | 2023-03-07 17:50:14 +01:00 |
| Nasreddine Bencherchali | 556e445e22 | fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml<br>Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> | 2023-03-07 17:49:21 +01:00 |
| Nasreddine Bencherchali | 7303137b14 | fix: apply suggestions from code review<br>Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> | 2023-03-07 17:07:12 +01:00 |