blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	637d610884	chore: move rules to new folders (#4205 )	2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali	497d856245	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-04-19 15:50:29 +02:00
Nasreddine Bencherchali	032570a080	feat: more winget updates	2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali	aba4213d62	fix: reduce level and gen new uuid	2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali	f2eba9d125	feat: update winget related rules	2023-04-17 18:24:01 +02:00
Nasreddine Bencherchali	2710bf4710	feat: new rules, updates and fp fixes (#4162 )	2023-04-11 13:04:22 +02:00
Nasreddine Bencherchali	55a510eca5	fix: small changes	2023-04-05 13:19:26 +02:00
$frack113$ frack113	065cd15c58	Fix filter	2023-04-05 06:51:26 +02:00
Nasreddine Bencherchali	3d9372bef3	feat: new rules, updates and fp fixes (#4136 )	2023-04-03 12:06:14 +02:00
Hieu Tran	0e934bd4b4	feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111 )	2023-03-17 13:00:57 +01:00
Nasreddine Bencherchali	64295b1ed7	fix: remove unnecessary filter	2023-03-15 00:11:35 +01:00
Nasreddine Bencherchali	d36f7e9819	fix: fp found in testing	2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali	1a4f76242c	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-03-12 23:54:40 +01:00
Zeta	9da9da80d3	Update ATT&CK Techniques and Tactics (#4096 )	2023-03-10 01:21:42 +01:00
Nasreddine Bencherchali	f23780de6f	feat: update and fixes	2023-03-09 22:10:42 +01:00
$frack113$ frack113	d8a7228c68	Add MicrosoftRedirectionURL	2023-03-05 15:10:18 +01:00
Nasreddine Bencherchali	09110727fd	fix: change to permalink Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-23 10:47:52 +01:00
securepeacock	807b41c003	Update registry_set_wdigest_enable_uselogoncredential.yml Added Atomic Red Team test in references.	2023-02-22 15:38:12 -05:00
Wagga	ffc9044b07	Update registry_add_persistence_amsi_providers.yml	2023-02-20 14:11:11 +01:00
Nasreddine Bencherchali	6a0b38291f	fix: fp found in baseline	2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali	ee7d1d9890	feat: add reference	2023-02-17 19:58:26 +01:00
Nasreddine Bencherchali	787ea00ff7	feat: new rule for events.asp technique	2023-02-17 19:41:14 +01:00
Nasreddine Bencherchali	68c052aab7	feat: updates and fixes	2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali	c4d8be3780	fix: duplicate titles	2023-02-09 16:06:09 +01:00
Nasreddine Bencherchali	da012ad80d	fix: resolves #4014	2023-02-09 15:48:13 +01:00
Nasreddine Bencherchali	ba80fc1372	Merge pull request #4024 from nasbench/nasbench-rule-devel feat: updates and enhancements	2023-02-09 14:50:04 +01:00
Nasreddine Bencherchali	6d14a14f9e	fix: typos Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-09 13:09:46 +01:00
Nasreddine Bencherchali	8c1a5fb834	fix: remove sysmon definition Removed this definition for now as it's too generic and "obvious" Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-09 11:01:58 +01:00
Nasreddine Bencherchali	a24012b2b5	fix: apply suggestions	2023-02-09 10:41:41 +01:00
Nasreddine Bencherchali	b7a3000bb2	fix: update modified date	2023-02-09 10:38:21 +01:00
Nasreddine Bencherchali	0c581fb62a	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-09 10:31:11 +01:00
Nasreddine Bencherchali	4bb2beeb15	fix: duplicate ids and small updates	2023-02-08 19:36:55 +01:00
Nasreddine Bencherchali	0717634671	feat: updates and enhancements	2023-02-08 19:12:35 +01:00
Nasreddine Bencherchali	8851420b92	feat: update `registry_delete` rules	2023-02-08 12:48:51 +01:00
Nasreddine Bencherchali	692ad8356a	Merge branch 'registry-rules-update' of https://github.com/nasbench/sigma into registry-rules-update	2023-02-08 11:40:56 +01:00
Nasreddine Bencherchali	3ec159a400	feat: update `registry_add` rules	2023-02-08 00:37:22 +01:00
Nasreddine Bencherchali	a19a75b0b0	fix: resolves #4015	2023-02-07 14:33:56 +01:00
Wagga	273fdb9985	fix: typos in multiple rules (#4011 )	2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali	1f34cecadf	fix: multiple typos Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-06 12:28:45 +01:00
Nasreddine Bencherchali	68f0833cbc	feat: more fixes and updates	2023-02-05 21:46:22 +01:00
Nasreddine Bencherchali	307ecf5694	fix: typos in titles and descriptions of rules Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali	d08acc18ae	fix: add missing modified field	2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali	0663b4e3f4	feat: more updates	2023-02-02 00:24:35 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
Qasim Qlf	4938f9b44c	Rename registry_set_persistance_xll.yml to registry_set_persistence_xll.yml Updated persistance to persistence	2023-01-30 14:33:49 +05:00
$frack113$ frack113	1948b1cb6d	Merge pull request #3965 from frack113/pormotion_status change status to test	2023-01-27 17:56:12 +01:00
$frack113$ frack113	dabf286c17	Merge pull request #3966 from frack113/PendingFileRenameOperations Add registry_set_susp_pendingfilerenameoperations	2023-01-27 17:55:51 +01:00
$frack113$ frack113	7ea3db18f7	Fix test errors	2023-01-27 15:09:43 +01:00
Nasreddine Bencherchali	35dabc529c	fix: update metadata	2023-01-27 13:55:19 +01:00
$frack113$ frack113	5087b95155	Merge remote-tracking branch 'upstream/master' into pormotion_status	2023-01-27 11:29:27 +01:00

1 2 3 4 5 ...

359 Commits