blue-team-tools

Author	SHA1	Message	Date
Qasim Qlf	18c4acce2d	update: condition name	2023-02-03 14:34:09 +05:00
Nasreddine Bencherchali	6c153bff3f	Merge pull request #3995 from nasbench/nasbench-rule-devel feat: updates and enhancements	2023-02-02 21:40:21 +01:00
Nasreddine Bencherchali	8fc7f741d9	fix: apply escape suggestion Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-02 21:34:54 +01:00
Nasreddine Bencherchali	b80a81aba8	fix: wrong escape Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-02 20:07:13 +01:00
Nasreddine Bencherchali	307ecf5694	fix: typos in titles and descriptions of rules Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali	cbf114c9a8	fix: update wildcard selection	2023-02-02 10:53:59 +01:00
Nasreddine Bencherchali	c68531e688	fix: apply suggestions from code review Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-02 10:52:04 +01:00
Nasreddine Bencherchali	d08acc18ae	fix: add missing modified field	2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali	0663b4e3f4	feat: more updates	2023-02-02 00:24:35 +01:00
$frack113$ frack113	9ad58353a7	Update from review	2023-02-01 18:30:45 +01:00
$frack113$ frack113	c1ef84fd66	Merge remote-tracking branch 'upstream/master' into pr/3989	2023-02-01 18:27:51 +01:00
$frack113$ frack113	3d8b82805c	Merge pull request #3992 from D4rkCiph3r/osacompile Create proc_creation_macos_osacompile_run-only_execution.yml	2023-02-01 18:17:00 +01:00
$frack113$ frack113	f121041cf0	Merge pull request #3991 from D4rkCiph3r/macro-osa Create proc_creation_macos_macros_execution.yml	2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali	55f16c3f84	fix: update metadata and logic	2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali	d8b17f1d9f	fix: add ref and update description	2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali	0cddb6194c	Merge pull request #3993 from D4rkCiph3r/patch-1 feat: add new extension to osascript rule	2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali	04227055e4	fix: add reference	2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali	5d769b7b19	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali	ac85d5ebff	Merge pull request #3997 from nasbench/update-nextron-authors chore: add nextron authors tag	2023-02-01 17:07:25 +01:00
Nasreddine Bencherchali	31a5c08480	fix: reduce author set	2023-02-01 14:34:46 +01:00
Nasreddine Bencherchali	beebafe9ce	fix: special case Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-01 13:22:11 +01:00
phantinuss	08b801aaff	fix: FPs with IPv6 adresses	2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
Qasim Qlf	f7e2fc1682	Update proc_creation_win_vul_java_remote_debugging.yml	2023-02-01 11:02:57 +05:00
$frack113$ frack113	cd58c1baef	fix title case	2023-02-01 06:35:26 +01:00
Nasreddine Bencherchali	9c0eae7590	fix: remove kerberos generic filters	2023-01-31 22:18:32 +01:00
Nasreddine Bencherchali	3e24998fe1	feat: add add-appxpackage cmdlet rules	2023-01-31 22:11:32 +01:00
$frack113$ frack113	2b198b7c32	Merge pull request #3971 from frack113/order_rule_folder Order root rules folder	2023-01-31 21:05:28 +01:00
$frack113$ frack113	00d731bcb5	Merge pull request #3990 from qasimqlf/patch-28 Update proc_creation_win_purplesharp_indicators.yml	2023-01-31 17:49:01 +01:00
$frack113$ frack113	26575cc2e0	Update proc_creation_macos_applescript.yml	2023-01-31 17:46:43 +01:00
$frack113$ frack113	66700a69e2	Merge pull request #3994 from ionsor/patch-8 Update proc_creation_lnx_hack_tools.yml	2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali	55bf797563	fix: selection again	2023-01-31 17:40:17 +01:00
Nasreddine Bencherchali	97f35b7a4d	Merge pull request #3980 from nasbench/blackberry-rules-cti-2023 feat: new rules from blackberry	2023-01-31 17:23:24 +01:00
Nasreddine Bencherchali	2684f0f63c	fix: remove unnecessary entry	2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali	412efdad03	fix: update selection	2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali	164ee358c3	fix: update modified date	2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali	6a337151d1	feat: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-01-31 17:11:18 +01:00
Feathers	8f6242c35f	Update proc_creation_lnx_hack_tools.yml added to the list of hacking tools, Linpeas, a privilege escalation script	2023-01-31 17:01:17 +01:00
D4rkCiph3r	596f5471f4	Merge branch 'SigmaHQ:master' into osacompile	2023-01-31 19:22:47 +05:30
D4rkCiph3r	ce577987a2	Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml	2023-01-31 19:20:06 +05:30
D4rkCiph3r	c3b826a76c	Update proc_creation_macos_applescript.yml minor updates to the CLI parameters, based on real-world observations	2023-01-31 19:16:15 +05:30
Nasreddine Bencherchali	3f8bd9f51f	fix: further improve detection section	2023-01-31 14:35:09 +01:00
D4rkCiph3r	440649b087	Create proc_creation_macos_osacompile_run-only_execution.yml	2023-01-31 19:03:35 +05:30
D4rkCiph3r	4c28487480	New Rule for T1115 macOS (#3988 ) feat: add new rule related to osascript reading clipboard	2023-01-31 14:32:08 +01:00
Nasreddine Bencherchali	995bf1a725	Merge pull request #3979 from nasbench/nasbench-rule-devel feat: multiple updates and enhancements	2023-01-31 14:30:31 +01:00
Nasreddine Bencherchali	2f6d1f042c	fix: update detection section	2023-01-31 14:28:11 +01:00
Nasreddine Bencherchali	34eddd3c31	Merge pull request #3985 from qasimqlf/patch-25 fix: optimize detection logic	2023-01-31 14:25:20 +01:00
D4rkCiph3r	e4ace3d363	Create proc_creation_macos_macros_execution.yml	2023-01-31 18:48:03 +05:30
Qasim Qlf	dab39e199c	Update proc_creation_win_purplesharp_indicators.yml	2023-01-31 18:15:06 +05:00
Nasreddine Bencherchali	33952874f1	fix: update selection	2023-01-31 14:14:50 +01:00

1 2 3 4 5 ...

11458 Commits