securepeacock
291ca18d22
Merge pull request #4389 from @securepeacock
chore: Dynamic .NET Compilation Via Csc.EXE - add new reference
2023-08-23 18:59:03 +02:00
securepeacock
bad3152ac3
Merge pull request #4388 from @securepeacock
chore: Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE - add new reference
2023-08-23 18:52:22 +02:00
gleeiamglo
832c15a4c9
Merge pull request #4384 from @gleeiamglo
new: Anonymous IP Address
---------
Co-authored-by: gllee <gllee@microsoft.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-23 14:45:56 +02:00
Metin Münüklü
0964033c71
Merge pull request #4325 from @mtnmunuklu
chore: update readme.md to include alterix
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-23 14:31:10 +02:00
phantinuss
fdc5b6a6db
chore: update PULL_REQUEST_TEMPLATE.md - add changelog instead of detailed description (#4386)
2023-08-23 14:21:07 +02:00
phantinuss
da8d42fa2b
Merge pull request #4385 from @phantinuss - Update Workflow Pipeline
- fix: Devil Bait Potential C2 Communication Traffic
- chore: update workflow to run on all rules
- chore: unpin the sigma-cli version from the workflow
2023-08-23 14:18:49 +02:00
phantinuss
2a2db295ce
Merge pull request #4155 from D4rkCiph3r/patch-5
Update proc_creation_macos_add_to_admin_group.yml
2023-08-23 08:57:45 +02:00
phantinuss
ea5db35a52
Merge pull request #4127 from D4rkCiph3r/in-memory-payload
Create proc_creation_macos_in-memory_payload_transfer.yml
2023-08-23 08:57:23 +02:00
Nasreddine Bencherchali
22f98bb3d8
Merge pull request #4365 from Mladia/patch-1
Update lnx_auditd_masquerading_crond.yml
2023-08-22 18:53:52 +02:00
Nasreddine Bencherchali
b34f098b0d
Update lnx_auditd_masquerading_crond.yml
2023-08-22 18:36:03 +02:00
Nasreddine Bencherchali
d53f063141
feat: update metadata
2023-08-22 18:22:05 +02:00
Nasreddine Bencherchali
32800437c9
Update proc_creation_macos_dseditgroup_add_to_admin_group.yml
2023-08-22 17:55:17 +02:00
Nasreddine Bencherchali
0f1f792ef9
chore: split rules
2023-08-22 17:48:06 +02:00
Nasreddine Bencherchali
68f843ce2c
Merge pull request #4300 from gr00T0x/jamf
feat: add rules related to jamf usage and potential abuse
2023-08-22 15:38:35 +02:00
Nasreddine Bencherchali
7881df8591
Merge pull request #4055 from D4rkCiph3r/root_enable
feat: add new to enable root account via dsenableroot
2023-08-22 15:10:26 +02:00
Nasreddine Bencherchali
ae71649ff5
Update rules/macos/process_creation/proc_creation_macos_jamf_susp_child.yml
2023-08-22 15:09:42 +02:00
phantinuss
785ea520dd
fix: wording
2023-08-22 14:56:25 +02:00
phantinuss
9cb0c4d1ac
fix: wording
2023-08-22 14:55:30 +02:00
Nasreddine Bencherchali
b14769e684
feat: update metadata & logic
2023-08-22 14:34:20 +02:00
Nasreddine Bencherchali
006b120859
Merge pull request #4374 from mbabinski/master
feat: add search(-ms)/WebDAV abuse rules
2023-08-22 13:51:29 +02:00
Nasreddine Bencherchali
4e75c3b2dc
feat: update detection & metadata
2023-08-22 13:51:14 +02:00
phantinuss
f9893202e5
fix: IPv6 prefix
2023-08-22 13:17:40 +02:00
phantinuss
bc2e0a54e8
fix: level
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-22 11:43:40 +02:00
phantinuss
24e7333f15
fix: typo
2023-08-22 11:43:04 +02:00
Nasreddine Bencherchali
89c6ea2ef0
Update rules/web/proxy_generic/proxy_webdav_search_ms.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-22 11:42:08 +02:00
Nasreddine Bencherchali
201066947b
feat: update detection & metadata
2023-08-22 11:00:55 +02:00
Tessa Georgen
e3628f0b73
fix: typo in tags field (#4383)
2023-08-18 18:33:13 +02:00
Nasreddine Bencherchali
e13510ffa7
Merge pull request #4382 from nasbench/new-rules-august-23
feat: new rules and updates
2023-08-18 15:45:00 +02:00
Nasreddine Bencherchali
d28b15cee2
Update .github/workflows/known-FPs.csv
2023-08-18 15:34:11 +02:00
Nasreddine Bencherchali
41c4a6029e
Update .github/workflows/known-FPs.csv
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-18 15:21:09 +02:00
Nasreddine Bencherchali
3abede2a1c
Update rules/windows/process_creation/proc_creation_win_bginfo_uncommon_child_process.yml
2023-08-18 15:15:52 +02:00
Nasreddine Bencherchali
360475d6ff
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-18 15:15:26 +02:00
Nasreddine Bencherchali
be9abb9364
feat: update cl diag script rules
2023-08-17 19:26:21 +02:00
Nasreddine Bencherchali
c39581217a
feat: update rules using file sharing domains
2023-08-17 13:39:59 +02:00
phantinuss
653d9b87f2
Merge pull request #4381 from frack113/refractor_registry_set
Refactor registry_set rules
2023-08-17 12:33:20 +02:00
Nasreddine Bencherchali
8aabf25831
Update registry_event_hybridconnectionmgr_svc_installation.yml
2023-08-17 11:21:56 +02:00
frack113
ce7d680d95
Refactor registry_set rules
Signed-off-by: frack113 <magicfrancois@gmail.com>
2023-08-17 09:03:30 +02:00
frack113
bb2aea7c4d
Refactor registry_set rules
Signed-off-by: frack113 <magicfrancois@gmail.com>
2023-08-17 08:57:52 +02:00
Nasreddine Bencherchali
f21e54e206
feat: update bginfo rules
2023-08-16 21:52:52 +02:00
Nasreddine Bencherchali
802fbd4aa4
Merge branch 'SigmaHQ:master' into new-rules-august-23
2023-08-15 16:20:35 +02:00
Nasreddine Bencherchali
99387042c6
feat: update bash lolbin rules
2023-08-15 16:20:14 +02:00
phantinuss
bfb073cfcf
Merge pull request #4367 from mostafa/json-schema
JSON schema for Sigma specification
2023-08-15 13:32:49 +02:00
phantinuss
594d3d86ed
revert trigger error for new test
2023-08-15 13:24:57 +02:00
phantinuss
21c433937d
trigger error for new test
2023-08-15 13:22:09 +02:00
phantinuss
2f6b8cd03a
fix path to schema json
2023-08-15 13:18:33 +02:00
phantinuss
9a1d0932e9
use new path of validate script
2023-08-15 13:15:16 +02:00
phantinuss
373c458184
Rename validate.sh to tests/validate-sigma-schema/validate.sh
2023-08-15 13:14:07 +02:00
phantinuss
7ed0930f8f
Rename sigma-schema.json to tests/validate-sigma-schema/sigma-schema.json
2023-08-15 13:13:29 +02:00
Mostafa Moradian
5a135694a6
Remove logsource properties, since they are optional
2023-08-15 12:44:13 +02:00
phantinuss
ad01182279
stricter regex, remove timeframe search identifier
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-15 12:00:55 +02:00