Commit Graph

15315 Commits

Author SHA1 Message Date
Gavin Knapp 063bb57dfd Update net_connection_win_notion.yaml
Note to self: Leave commits until the morning when working late 🙃🤣.

Removed test user from install path.
2023-05-04 07:52:48 +01:00
Gavin Knapp c11b69b8f5 Rename net_connection_win_notion.yml to net_connection_win_notion.yaml
Corrected filename error
2023-05-04 01:50:25 +01:00
Gavin Knapp 401d71d9d3 Create net_connection_win_notion.yml
created a rule to detect possible C2 comms using Notion SaaS as the C2 endpoint.
2023-05-03 23:29:26 +01:00
Nasreddine Bencherchali 796fa721fd Merge pull request #4216 from phantinuss/master
fix: remove erroneous whitespace
2023-05-03 20:00:45 +02:00
phantinuss ba3fbcf334 fix: remove erroneous whitespace 2023-05-03 15:53:14 +02:00
Gavin Knapp 859d30c50c feat: new rule net_connection_win_google_api_non_browser_access.yml (#4212) 2023-05-03 10:32:28 +02:00
Nasreddine Bencherchali f25a3c530c Merge pull request #4214 from nasbench/coldsteel-rules
feat: add new rules related to coldsteel
2023-05-03 10:16:35 +02:00
kidrek 239afc945d fix: update curl rules flags to use regex (#4213) 2023-05-03 10:16:01 +02:00
phantinuss cb399e4944 fix: typos/wording 2023-05-03 09:01:29 +02:00
securepeacock 65030d99eb chore: move defender rule from internal to public (#4208) 2023-05-03 01:33:30 +02:00
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali 5e1cf25642 fix: pass tests 2023-05-02 22:45:54 +02:00
Nasreddine Bencherchali b8c587aff3 feat: add new rules related to coldsteel 2023-05-02 19:02:53 +02:00
phantinuss 03f3f77359 Merge pull request #4207 from securepeacock/patch-42
Create net_connection_win_winlogon_net_connections.yml
2023-05-02 16:49:19 +02:00
Fukusuke Takahashi ef95e5278d fix: delete value-modifier in Search-Identifier (#4210) 2023-04-30 21:54:24 +02:00
Nasreddine Bencherchali 64648f9e28 Update net_connection_win_winlogon_net_connections.yml 2023-04-28 16:39:04 +02:00
Nasreddine Bencherchali 5ff0f2a215 fix: small updates 2023-04-28 16:38:32 +02:00
securepeacock 9ddbb2be8b Update net_connection_win_winlogon_net_connections.yml 2023-04-28 10:30:08 -04:00
securepeacock 7355f2a54d Create net_connection_win_winlogon_net_connections.yml 2023-04-28 10:06:17 -04:00
Nasreddine Bencherchali 4bff10d105 Merge pull request #4206 from muratogul/master
fix: corrected eventSource on aws_enum_buckets.yml file
2023-04-28 13:19:15 +02:00
Nasreddine Bencherchali 7ce4a9b7ec fix: add missing modified 2023-04-28 11:12:30 +02:00
muratogul 961aebb8ef corrected eventSource on aws_enum_buckets.yml file 2023-04-27 22:53:34 -07:00
Nasreddine Bencherchali 2e60571d59 Merge pull request #4204 from phantinuss/master
feat: add Rubeus rule for PWSH and FP fixes
2023-04-27 17:39:53 +02:00
phantinuss 6a88ece238 fix: adapt level to high
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-04-27 16:59:35 +02:00
phantinuss 941d02dbe5 fix: FPs found in production environment 2023-04-27 16:40:07 +02:00
phantinuss cf585abe51 feat: new rule for Rubeus in pwsh scriptblock log 2023-04-27 16:39:17 +02:00
phantinuss 1eb2c777d4 Merge pull request #4202 from phantinuss/master
use relative paths in rules test
2023-04-26 13:30:29 +02:00
phantinuss e6d734e7fc chore: use relative paths for rules test again 2023-04-26 13:22:01 +02:00
phantinuss adb0a1ce1d fix: typo in field 2023-04-26 13:22:01 +02:00
Nasreddine Bencherchali 9cb1c3167d Merge pull request #4201 from bluet/patch-1
fix web_cve_2021_26858_iis_rce.yml (all of -> "|all")
2023-04-26 11:12:35 +02:00
Nasreddine Bencherchali 797a8d0784 Update web_cve_2021_26858_iis_rce.yml 2023-04-26 10:42:38 +02:00
phantinuss 2ce93031f6 Merge pull request #4200 from nasbench/fxi-tests
feat: update test_rules.py
2023-04-26 08:38:04 +02:00
BlueT - Matthew Lien - 練喆明 8471faea15 fix web_cve_2021_26858_iis_rce.yml (all of -> "|all")
https://github.com/SigmaHQ/sigma/pull/3952
https://github.com/SigmaHQ/sigma-specification/discussions/53
2023-04-26 07:05:09 +08:00
Nasreddine Bencherchali 9df83b23c8 Update win_security_susp_interactive_logons.yml 2023-04-25 20:23:08 +02:00
Nasreddine Bencherchali ae41afb8cc fix: issues with tests 2023-04-25 20:15:15 +02:00
Nasreddine Bencherchali 0784bd380a Merge branch 'SigmaHQ:master' into fxi-tests 2023-04-25 19:18:52 +02:00
Nasreddine Bencherchali 1ed9743e7c fix: test issues 2023-04-25 19:18:38 +02:00
Fukusuke Takahashi b61cfd7e3b fix: modify PaperCut exploitation rule condition (#4199) 2023-04-25 19:05:34 +02:00
Nasreddine Bencherchali 16d4d0b6ea Update test_rules.py 2023-04-25 18:59:24 +02:00
phantinuss 0a725ebfb7 Merge pull request #4198 from phantinuss/master
Fix FPs found in testing env
2023-04-25 11:41:40 +02:00
phantinuss 648641c381 fix: can be end-of-commandline
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-04-25 11:27:21 +02:00
Nasreddine Bencherchali d024f971de fix: apply suggestions from code review 2023-04-25 11:18:59 +02:00
phantinuss ab6f4848ff fix: FP found in testing environment 2023-04-25 11:07:41 +02:00
phantinuss 1c311b1ba9 fix: commandline match was too unspecific 2023-04-25 11:07:41 +02:00
dan21san 4b8f70fb97 feat: add new rules related to linux reverse shells (#4166) 2023-04-25 11:03:11 +02:00
erickatwork 91bc015216 feat: update description ECS TASK DEF rule (#4181) 2023-04-25 11:00:24 +02:00
phantinuss 0e7d782776 Merge pull request #4196 from nasbench/nash-rule-dev
feat: small updates
2023-04-25 09:04:02 +02:00
phantinuss 7188e83ccb Merge pull request #4195 from swachchhanda000/master
Modified rule to detect every possible way of rdrleakdiag execution
2023-04-25 08:48:04 +02:00
Nasreddine Bencherchali 4eb95d28dd feat: small updates 2023-04-24 23:23:38 +02:00
Nasreddine Bencherchali 3170c29e91 fix: merge rules and update detection 2023-04-24 19:24:19 +02:00