security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,299 Commits 1 Branch 57 Tags
1fc408bfaa458268d89a24d32c5a2ece1c19dc8f
Commit Graph

105 Commits

Author SHA1 Message Date
Florian Roth 62b65a3578 Merge pull request #1375 from SigmaHQ/rule-devel 
fix: description
 2021-03-04 17:35:53 +01:00
Florian Roth bea2f226c6 fix: description 2021-03-04 17:35:25 +01:00
Florian Roth 9e921115bc Merge pull request #1373 from SigmaHQ/rule-devel 
HAFNIUM rule
 2021-03-03 10:34:08 +01:00
Florian Roth d8ded5ebdc refactor: changed symbols after feedback from Volexity 2021-03-03 10:15:45 +01:00
Florian Roth e17986ebd3 rule: HAFNIUM Exchange exploitation 2021-03-03 09:58:43 +01:00
Florian Roth 73a3a1e5cd Merge pull request #1360 from d4rk-d4nph3/master 
Added sigma rule for vSphere RCE CVE-2021-21972
 2021-03-03 09:32:05 +01:00
Florian Roth 8c95f90075 Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Florian Roth 96803a5a27 Merge pull request #1355 from Neo23x0/rule-devel 
Rule devel
 2021-02-22 17:46:21 +01:00
Florian Roth aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth 43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth f62fc2e889 Merge pull request #1341 from d4rk-d4nph3/master 
Added rule for TerraMaster TOS CVE-2020-28188
 2021-02-18 11:17:48 +01:00
Bhabesh Rai a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth 6b9eef58da Merge pull request #1338 from Neo23x0/rule-devel 
Improved UNC2452 activity rules
 2021-01-25 14:36:44 +01:00
Florian Roth a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Bhabesh Rai 465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Bhabesh Rai dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Florian Roth 30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
Florian Roth 0a83f91386 Merge pull request #1321 from d4rk-d4nph3/master 
Fixed typo in file format
 2020-12-28 09:13:48 +01:00
Bhabesh Rai bf77c8266a Fixed typo in file format 2020-12-28 11:46:02 +05:45
Florian Roth 896fc21911 Merge pull request #1320 from d4rk-d4nph3/master 
Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass
 2020-12-27 20:37:36 +01:00
Florian Roth a6212a4490 style: some minor style changes 2020-12-27 20:06:19 +01:00
Bhabesh Rai 1cfad987b0 Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass 2020-12-27 17:34:49 +05:45
Florian Roth 821af35557 Merge pull request #1313 from Neo23x0/rule-devel 
Rule devel
 2020-12-23 13:57:11 +01:00
Florian Roth e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth 9c8e1387a9 rule: Solarwinds SUPERNOVA web shell access 2020-12-17 09:05:08 +01:00
Florian Roth cfe60d180b Merge pull request #1301 from d4rk-d4nph3/master 
Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.
 2020-12-08 11:09:51 +01:00
Florian Roth 2c642c64d2 Removed a value 2020-12-08 10:38:32 +01:00
Florian Roth a87a81d8cc Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml 2020-12-08 10:33:52 +01:00
Bhabesh Rai 3ddf940812 Added rule for Fortinet CVE-2018-13379 preauth file read exploitation. 2020-12-08 14:46:47 +05:45
mat b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Florian Roth 908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Florian Roth 5625f471d7 Merge pull request #963 from diskurse/rule-devel 
win_webshell_regeorg.yml
 2020-08-03 13:51:16 +02:00
Florian Roth 3abc3d0a76 docs: add FP condition 2020-08-03 13:50:47 +02:00
Florian Roth 6f7aecbe06 fix: preventive change to avoid FPs 2020-08-03 13:49:52 +02:00
Cian Heasley de33b953ba Add files via upload 
Webshell ReGeorg Detection Via Web Logs
 2020-08-03 12:20:04 +01:00
Ryan Plas 3bb45f00af Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values 2020-07-11 00:00:21 -04:00
Florian Roth 129925ce0b rule: improved Citrix rule 2020-07-10 18:15:35 +02:00
Florian Roth 383953c74e rule: better rule name and descriptions, plus MITRE ATT&CK tags 2020-07-10 17:55:13 +02:00
Florian Roth 0d89208242 rule: updated Citrix rule 2020-07-10 17:49:18 +02:00
Florian Roth eda08e3a89 rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 2020-07-10 17:45:11 +02:00
Florian Roth acfe20aa34 rule: extended F5 BIG-IP exploitation detection rule 2020-07-07 21:45:08 +02:00
Florian Roth 13ab00f744 improved F5 BIG-IP rule based on private feedback 2020-07-05 16:21:48 +02:00
Florian Roth fbe6c0e7d9 improved F5 BIG-IP rule 2020-07-05 13:29:30 +02:00