blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	1a877a5ccd	Merge pull request #2495 from frack113/redcannary_20211227 Windows redcannary rules	2021-12-28 12:52:07 +01:00
Florian Roth	01021a585d	Update powershell_ps_susp_win32_shadowcopy.yml	2021-12-28 12:04:14 +01:00
Florian Roth	af3462f7e6	Update powershell_ps_susp_remove_adgroupmember.yml	2021-12-28 12:03:40 +01:00
$frack113$ frack113	744b7602c9	Windows redcannary rules	2021-12-27 20:25:01 +01:00
$frack113$ frack113	b967deaabd	Windows Redcannary impact	2021-12-26 12:09:42 +01:00
$frack113$ frack113	0e31c23620	Merge pull request #2476 from frack113/redcannary_20211220 Windows Redcannary	2021-12-21 20:41:58 +01:00
$frack113$ frack113	e542c10e8e	Fix error	2021-12-20 11:35:12 +01:00
$frack113$ frack113	96a42f3bb5	Windows redcannary	2021-12-20 10:43:32 +01:00
$frack113$ frack113	b89580488a	Windows Redcannary	2021-12-19 11:20:42 +01:00
$frack113$ frack113	ab450e5782	Merge pull request #2458 from frack113/redcanary_20211216 Windows Redcanary T1518.001 discovery	2021-12-16 22:47:23 +01:00
$frack113$ frack113	605ec35109	fix space	2021-12-16 10:41:07 +01:00
$frack113$ frack113	d7e9dccdbe	Windows redcannary	2021-12-16 10:32:45 +01:00
$frack113$ frack113	426d8193ad	Windows redcannary	2021-12-15 19:36:16 +01:00
$frack113$ frack113	37f1938a4a	Rename powershell_ps_get_childitem_bookmarks	2021-12-13 12:04:00 +01:00
$frack113$ frack113	6115eeda62	windows redcanary t1217	2021-12-13 11:02:33 +01:00
$frack113$ frack113	97580d4fa1	fix space	2021-12-12 12:25:05 +01:00
$frack113$ frack113	221f479825	Windows Redcannay T1069.001	2021-12-12 12:15:27 +01:00
$frack113$ frack113	e215f4606b	Order rules	2021-12-04 10:07:07 +01:00
phantinuss	07a0a37273	feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*'	2021-12-02 14:47:39 +01:00
Tim Shelton	0e55a06e6e	adding missing :	2021-12-01 23:14:57 +00:00
Tim Shelton	bd13c7b77b	fixing yaml formatting	2021-12-01 21:27:31 +00:00
Tim Shelton	1ebd75754f	omgosh fix err in syntax on this.... sooo sorry!	2021-12-01 21:15:41 +00:00
Tim Shelton	48a45b06eb	fixing format	2021-11-29 19:23:31 +00:00
Tim Shelton	f0c6dbdc84	adding amazon ec2 to list of false positives	2021-11-29 19:20:00 +00:00
$frack113$ frack113	010a988fe5	Merge pull request #2318 from austinsonger/clearing_windows_console_history.yml clearing_windows_console_history.yml	2021-11-27 07:43:52 +01:00
Austin Songer	48d9aec318	Update powershell_clearing_windows_console_history.yml	2021-11-26 09:18:37 -06:00
Florian Roth	d91b925873	fix: FPs	2021-11-26 14:42:21 +01:00
Austin Songer	25df58702a	Update powershell_clearing_windows_console_history.yml	2021-11-25 19:08:55 -06:00
Austin Songer	a9ab7f4e13	Update powershell_clearing_windows_console_history.yml	2021-11-25 19:08:27 -06:00
Austin Songer	f8fd44d92a	Update powershell_clearing_windows_console_history.yml	2021-11-25 19:06:18 -06:00
Austin Songer	c3d5d1c231	clearing_windows_console_history.yml	2021-11-25 19:04:30 -06:00
$frack113$ frack113	ab663f9bcf	Add MITTRE Technique	2021-11-20 10:56:41 +01:00
$frack113$ frack113	1cfca93354	Missing status in rules (#2284 ) * add missing status	2021-11-19 22:32:26 +01:00
$frack113$ frack113	9f7a027913	Fix category and EventID	2021-11-12 12:18:44 +01:00
Austin Songer	923391224a	Create powershell_azurehound_commands.yml	2021-10-23 18:27:36 -05:00
$frack113$ frack113	217ac5c9a3	Merge pull request #2170 from frack113/redcanary_T1564_003 add rule powershell_suspicious_windowstyle	2021-10-21 18:07:48 +02:00
$frack113$ frack113	a9bc26f37c	add powershell_suspicious_windowstyle	2021-10-20 13:57:24 +02:00
$frack113$ frack113	f9efc127de	add powershell_set_policies_to_unsecure_level	2021-10-20 12:58:43 +02:00
$frack113$ frack113	faa407dacc	cleanup list	2021-10-18 14:52:35 +02:00
$frack113$ frack113	0e1c156ddf	fix related	2021-10-18 14:26:06 +02:00
$frack113$ frack113	d866b10590	add ps_script verison	2021-10-18 14:13:29 +02:00
$frack113$ frack113	f6b0a89161	change to category: ps_script	2021-10-16 08:18:49 +02:00
Austin Songer	4e43fce629	Update powershell_windows_firewall_profile_disabled.yml	2021-10-13 07:01:04 -05:00
Austin Songer	40eed2ec59	Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml	2021-10-12 11:57:37 -05:00
Austin Songer	d273bc25ea	Create powershell_windows_firewall_disabled.yml	2021-10-12 11:56:37 -05:00
$frack113$ frack113	1337116d84	Cleanup selection name	2021-10-10 10:17:24 +02:00
$frack113$ frack113	5c68c42058	order powershell_script	2021-10-09 10:30:36 +02:00
$frack113$ frack113	77749510b7	fix yml	2021-10-09 10:01:40 +02:00
$frack113$ frack113	9b0f744f75	order powershell_script	2021-10-09 09:57:45 +02:00
$frack113$ frack113	0d04b469f7	order powershell_classic	2021-10-07 07:40:53 +02:00

50 Commits