security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,469 Commits 1 Branch 57 Tags
098746574cc22e0730e2c6669a0fa26fdff1f5ed
Commit Graph

4727 Commits

Author SHA1 Message Date
Paul Hager 695e0bd5e3 fix: typo in 'related' field 2023-06-07 12:02:43 +02:00
phantinuss 630e1a4734 fix: exclude files that are marked for deletion 2023-06-07 10:24:51 +02:00
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master 
feat: extended coverage of existing defender tampering rules
 2023-06-05 13:26:03 +02:00
phantinuss e407cfa1d6 fix: wording 2023-06-05 13:09:30 +02:00
Nasreddine Bencherchali 899c2ff23a chore: update defender rules 2023-06-05 11:50:43 +02:00
Nasreddine Bencherchali c5c61ac040 Merge pull request #4280 from nasbench/rules-update-31-05-23 
feat: rule updates and issue fixes
 2023-06-05 11:38:16 +02:00
Nasreddine Bencherchali 8a06af1364 feat: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-05 10:54:18 +02:00
Florian Roth 382355c728 feat: add new rule "Renamed AutoIt Execution" (#4286) 2023-06-05 10:53:42 +02:00
Nasreddine Bencherchali 02526cd41b feat: more updates 2023-06-01 23:22:35 +02:00
Nasreddine Bencherchali 2453982499 feat: fix issues and fp filters 2023-05-31 17:10:24 +02:00
Nasreddine Bencherchali 1299b21561 feat: rule and tests update 2023-05-31 13:46:13 +02:00
frack113 924483d1cc Update proc_creation_win_googleupdate_susp_child_process.yml 
Fix status
 2023-05-30 19:18:23 +02:00
Nasreddine Bencherchali bcc0c9a9e0 feat: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-30 11:17:52 +02:00
Nasreddine Bencherchali 50e0f58547 Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 18:37:52 +02:00
Nasreddine Bencherchali f8ca220ade Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 17:26:50 +02:00
Nasreddine Bencherchali 574c63ea06 fix: fp found in testing 2023-05-26 16:34:06 +02:00
Nasreddine Bencherchali 00751c4c6d fix: issue to pass the tests 2023-05-26 16:10:46 +02:00
Nasreddine Bencherchali 547b8ffa71 feat: update more regsvr32 2023-05-26 15:59:30 +02:00
Nasreddine Bencherchali bf80eace81 feat: first batch update for regsvr32 2023-05-25 02:13:00 +02:00
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
phantinuss d7f3bf9736 fix: FP in prod env 2023-05-22 10:36:19 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate 
update "Suspicious Export-PfxCertificate" rule
 2023-05-19 09:19:10 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Swachchhanda Shrawan Poudel d56c9d9006 Extended the coverage of existing defender tampering related rules 2023-05-10 21:23:47 +05:45
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules 
feat: updates and new rules related to fin7
 2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-09 16:04:24 +02:00
Micah Babinski 7906d999ab feat: add new rule for Potential Homoglyph Attack (#4223) 2023-05-09 01:35:52 +02:00
Nasreddine Bencherchali 72d003ea24 feat: update author and selection 2023-05-05 18:25:07 +02:00
Nasreddine Bencherchali 6f659d1c1a fix: fp found in testing 2023-05-05 12:24:54 +02:00
Florian Roth 91956f8058 Merge branch 'master' into rule-devel 2023-05-05 10:10:24 +02:00
Nasreddine Bencherchali 24ed6be065 feat: updates and new rules related to fin7 2023-05-05 01:26:06 +02:00
Nasreddine Bencherchali f25a3c530c Merge pull request #4214 from nasbench/coldsteel-rules 
feat: add new rules related to coldsteel
 2023-05-03 10:16:35 +02:00
kidrek 239afc945d fix: update curl rules flags to use regex (#4213) 2023-05-03 10:16:01 +02:00
phantinuss cb399e4944 fix: typos/wording 2023-05-03 09:01:29 +02:00
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali 5e1cf25642 fix: pass tests 2023-05-02 22:45:54 +02:00
Fukusuke Takahashi ef95e5278d fix: delete value-modifier in Search-Identifier (#4210) 2023-04-30 21:54:24 +02:00
phantinuss cf585abe51 feat: new rule for Rubeus in pwsh scriptblock log 2023-04-27 16:39:17 +02:00
phantinuss 648641c381 fix: can be end-of-commandline 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-04-25 11:27:21 +02:00
phantinuss 1c311b1ba9 fix: commandline match was too unspecific 2023-04-25 11:07:41 +02:00
phantinuss 0e7d782776 Merge pull request #4196 from nasbench/nash-rule-dev 
feat: small updates
 2023-04-25 09:04:02 +02:00
Nasreddine Bencherchali 4eb95d28dd feat: small updates 2023-04-24 23:23:38 +02:00
Nasreddine Bencherchali 3170c29e91 fix: merge rules and update detection 2023-04-24 19:24:19 +02:00
Swachchhanda Poudel fc8c66b3a4 Added detection to detect every possible way of execution through rdrleakdiag 2023-04-24 21:05:57 +05:45
phantinuss 465ded22a3 Merge pull request #4190 from swachchhanda000/master 
Added support when flag is called another way while executing xsl…
 2023-04-24 14:05:05 +02:00
phantinuss f26e4c2c62 fix: minor 2023-04-24 09:10:47 +02:00