Commit Graph

341 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 18a77e79e3 fix: multiple issues 2023-01-06 18:04:04 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
frack113 0aad498425 Last lolbin (#3845)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-31 19:53:44 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 05bdb9af74 fix: rename files to fit logic 2022-12-19 19:28:23 +01:00
Nasreddine Bencherchali ff94bfee2b fix: update description to fit logic 2022-12-19 19:23:11 +01:00
Nasreddine Bencherchali c374413664 fix: change to permalink 2022-12-19 18:15:57 +01:00
Nasreddine Bencherchali 060174e2dd fix: small fixes
- Added modified date
- Updated DLL sideload version
2022-12-19 18:14:01 +01:00
frack113 646351808e Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali 3868dd91c6 feat: updates and enhancements 2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali cc658743e6 fix: add additional reference 2022-12-14 23:25:13 +01:00
frack113 c7e772eff9 Add image_load_side_load_jsschhlp 2022-12-14 19:24:32 +01:00
Florian Roth 7365e12478 docs: explanation for filter 2022-12-14 13:08:10 +01:00
Florian Roth 232d7f840a fix: FPs noticed with Aurora 2022-12-14 13:05:58 +01:00
Nasreddine Bencherchali d8b69e7a02 Merge pull request #3779 from frack113/dll_classicexplorer
Add image_load_side_load_classicexplorer32
2022-12-13 18:41:01 +01:00
frack113 fd76082c14 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-13 18:26:42 +01:00
frack113 3b88cab510 Add image_load_side_load_classicexplorer32 2022-12-13 10:26:21 +01:00
Nasreddine Bencherchali 14d174e218 feat: update rules related to dll sideloading 2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali cde2bdfc22 fix: fix typo in fieldname and close #2101 2022-12-09 17:11:03 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali 77b1234572 fix: apply code review changes 2022-12-03 11:55:54 +01:00
Nasreddine Bencherchali 0c3a0d4c39 fix: fp metadata 2022-12-02 23:38:18 +01:00
Nasreddine Bencherchali 3c90fb1c33 fix: fix metadata information 2022-12-02 23:22:23 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
frack113 0f3eefdc9c Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 18:10:43 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Nasreddine Bencherchali 13fbab9a87 Update image_load_susp_python_image_load.yml 2022-11-08 17:33:45 +01:00
Nasreddine Bencherchali f312455db5 Update rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml 2022-11-08 17:26:24 +01:00
Nasreddine Bencherchali ae2c09f866 Update rules/windows/image_load/image_load_in_memory_powershell.yml
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-11-08 17:25:53 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
phantinuss 0165f9b05b Merge pull request #3664 from frack113/DeleteShadowCopies
Add image_load_susp_vss_dll_load
2022-11-01 12:32:04 +01:00
Nasreddine Bencherchali 4bdc286a02 Update rules/windows/image_load/image_load_susp_python_image_load.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-01 11:10:07 +01:00
phantinuss b04f8c3db0 fix: description 2022-11-01 10:53:37 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
frack113 bb94f814af Update image_load_susp_vss_ps_load.yml 2022-10-31 20:24:22 +01:00
frack113 2469d525c1 Update image_load_susp_vss_dll_load.yml 2022-10-31 20:17:15 +01:00
frack113 5d3275aaca Merge branch 'master' into DeleteShadowCopies 2022-10-31 19:43:23 +01:00
frack113 a1fef566bd update filter image 2022-10-31 19:40:07 +01:00
frack113 f27ddc8a0f Update rules/windows/image_load/image_load_susp_vss_dll_load.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-10-31 19:33:13 +01:00
frack113 92ffbff5dc Add image_load_susp_vss_dll_load 2022-10-31 18:40:46 +01:00
phantinuss 2788fba40d fix: FPs found with Aurora 2022-10-31 11:31:30 +01:00
Nasreddine Bencherchali 9c10585a34 fix: fix fp in testing 2022-10-28 18:11:30 +02:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
frack113 a3eed2b760 Order yaml field 2022-10-26 09:42:26 +02:00
Nasreddine Bencherchali cd863c75b9 Update image_load_side_load_antivirus.yml 2022-10-25 23:52:15 +02:00
Nasreddine Bencherchali ef5f672a64 Update image_load_side_load_dbghelp_dll.yml 2022-10-25 12:48:52 +02:00
Nasreddine Bencherchali e14dedb3e3 Update image_load_side_load_dbghelp_dll.yml 2022-10-25 12:33:49 +02:00