Commit Graph

6377 Commits

Author SHA1 Message Date
CriimBow 188b847670 Typo on Find-DomainObjectPropertyOutlier 2021-06-25 10:35:33 +02:00
Florian Roth a710041350 Merge pull request #1574 from Karneades/fpPortProxy: Add false positive note to PortProxy rules 2021-06-24 16:56:35 +02:00
Andreas Hunkeler 3de0679d5a Add fp note to PortProxy rules 2021-06-24 11:22:41 +02:00
Andreas Hunkeler 366d83ab44 Add fp note to PortProxy rules 2021-06-24 11:21:29 +02:00
Florian Roth d05e33eb48 Merge pull request #1571 from BlackB0lt/patch-4: Create win_renamed_meg.yml 2021-06-23 16:28:38 +02:00
Florian Roth 1dd557e543 fix: global action unneeded 2021-06-23 09:23:08 +02:00
Sittikorn S c0724e533f Update and rename win_renamed_meg.yml to win_renamed_megasync.yml 2021-06-23 09:24:42 +07:00
Sittikorn S 16bafc835a Update win_renamed_meg.yml 2021-06-23 08:55:37 +07:00
Sittikorn S a310806dbf Update win_renamed_meg.yml 2021-06-23 08:35:12 +07:00
Sittikorn S 10488512ae Update win_renamed_meg.yml 2021-06-22 22:27:34 +07:00
Sittikorn S 177442d6df Update win_renamed_meg.yml 2021-06-22 22:20:49 +07:00
Sittikorn S 6328ce8ef6 Update win_renamed_meg.yml 2021-06-22 22:17:51 +07:00
Sittikorn S f55cd9ed1b Update win_renamed_meg.yml 2021-06-22 22:03:56 +07:00
Sittikorn S 268a4c31e3 Update win_renamed_meg.yml: Change mitre tags T1218.001 to T1218 2021-06-22 22:00:35 +07:00
Sittikorn S e6d08d0ad6 Update win_renamed_meg.yml 2021-06-22 21:55:09 +07:00
Sittikorn S a08b6c4e0a Create win_renamed_meg.yml 2021-06-22 21:50:07 +07:00
Florian Roth 7e748fa91a Merge pull request #1567 from BlackB0lt/patch-2: Create win_script_event_consumer_spawn new rule 2021-06-22 12:43:34 +02:00
Thomas Patzke befdcda507 Merge pull request #1566 from eocete-devo/master: New backend for Devo queries 2021-06-22 12:23:36 +02:00
Sittikorn S d9a749eec0 Update and rename win_script_event_consumer_spawn to win_script_event_consumer_spawn.yml 2021-06-22 16:35:46 +07:00
Florian Roth cbe97206de fix: several indentation issues, casing in tags 2021-06-22 11:03:17 +02:00
Florian Roth a87f8d1384 Merge pull request #1569 from Karneades/PortProxy: rule: add port proxy registry rule and further references 2021-06-22 11:01:17 +02:00
Florian Roth b81839e3ce Merge pull request #1568 from frack113/lsass_endswith: Update rule lsass.exe to endswith 2021-06-22 11:00:46 +02:00
Andreas Hunkeler ed41125f70 fix: remove duplicate status in portproxy reg rule 2021-06-22 08:28:17 +02:00
Andreas Hunkeler cd0b46ab62 rule: add port proxy registry rule and add references 2021-06-22 08:16:56 +02:00
frack113 e3e0b1ec35 fix ProcessName|endswith 2021-06-21 21:28:46 +02:00
frack113 edfb67ddc7 fix TargetImage|endswith 2021-06-21 21:21:34 +02:00
frack113 6558a5b110 fix TargetImage|endswith 2021-06-21 21:19:04 +02:00
frack113 0bc04605cb fix TargetImage|endswith 2021-06-21 21:14:36 +02:00
frack113 4ff1395a1f fix category and TargetImage|endswith 2021-06-21 21:06:54 +02:00
frack113 b23423beba convert to TargetImage|endswith 2021-06-21 20:51:26 +02:00
Sittikorn S 1bcac7b04a Create win_script_event_consumer_spawn 2021-06-21 21:20:39 +07:00
eocete bfbd1c6487 Merge remote-tracking branch 'upstream/master' into master 2021-06-21 14:11:39 +02:00
eocete 4b92dbb90d master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases. 2021-06-21 14:06:04 +02:00
Florian Roth e5cd850640 Merge pull request #1556 from frack113/PR_617_V2: Fix all the rules to pass the test 2021-06-16 08:22:51 +02:00
Florian Roth 5e701a2bcb Merge pull request #1557 from SyeedHasan/master: Rule Edits and 'TaskCache Entry' Rule 2021-06-16 08:22:17 +02:00
Hasan 33fcfd71bb Merge fixes for Rules 2021-06-16 10:45:20 +05:00
Hasan fabcb6c3c6 Removed asterisks from filter 2021-06-16 10:42:29 +05:00
Hasan 8196fbaada Parenthesis for condition statement 2021-06-16 10:41:52 +05:00
Hasan 415ced0023 Corrected MITRE reference tag 2021-06-15 19:07:50 +05:00
Hasan f079556067 Removed GUID phrase from description 2021-06-15 17:14:32 +05:00
Hasan 1764714e26 Rule to detect new TaskCache Entry 2021-06-15 17:08:14 +05:00
Hasan 1114a25a2c Removal of NODE from ALL filter for better coverage 2021-06-15 17:07:51 +05:00
Hasan 82bcfb29c3 Addition of Safemode flags 2021-06-15 17:07:02 +05:00
Florian Roth 1650d4638d Merge pull request #1548 from luffynextgen/master: Create sysmon_svchost_cred_dump.yml 2021-06-14 14:27:25 +02:00
Florian Roth 0377a30893 fix: several issues 2021-06-14 09:42:25 +02:00
Florian Roth 59df5119c2 Merge pull request #1552 from frack113/fix_category: Fix some sysmon category 2021-06-14 09:34:15 +02:00
luffynextgen 6fd7979659 Update sysmon_svchost_cred_dump.yml 2021-06-14 08:52:16 +02:00
frack113 558bcd5ceb Fix all the rules to pass the test 2021-06-14 07:33:26 +02:00
Florian Roth ae06ebcae0 Merge pull request #1551 from xg5-simon/xg5-simon: Support for VMware Carbon Black Cloud EEDR 2021-06-10 18:35:16 +02:00
Florian Roth ff314b1220 Merge pull request #1550 from humpalum/master: Rules: persistence by exploiting Outlook or Exchange 2021-06-10 18:34:43 +02:00