Nasreddine Bencherchali
22f98bb3d8
Merge pull request #4365 from Mladia/patch-1
Update lnx_auditd_masquerading_crond.yml
2023-08-22 18:53:52 +02:00
Nasreddine Bencherchali
b34f098b0d
Update lnx_auditd_masquerading_crond.yml
2023-08-22 18:36:03 +02:00
Nasreddine Bencherchali
1e0fb02ef7
Update proc_creation_lnx_ssm_agent_abuse.yml
2023-08-04 00:09:48 +02:00
z00t
d854c66616
Title has been updated to avoid duplication.
2023-08-03 19:38:29 +05:00
z00t
5c0f48ae55
New rule created for Linux OS.
2023-08-03 18:35:12 +05:00
Mladia
25d7fb85d4
Update lnx_auditd_masquerading_crond.yml
Adapting the rule so it corresponds to the linked atomic red scenario.
2023-08-01 12:35:34 +02:00
Nasreddine Bencherchali
8dca7aa1ba
feat: more updates
2023-07-28 14:32:57 +02:00
Ryan Plas
cda0fbff62
fix: multiple 404 links in references ( #4332 )
2023-06-26 10:10:04 +01:00
Nasreddine Bencherchali
44e0625360
fix: update rules for tests
2023-06-19 09:24:18 +02:00
Nasreddine Bencherchali
22628faaf0
feat: add rules related to Barracuda ESG exploitation
2023-06-18 22:14:57 +02:00
jstnk9
04cf7e9ea3
feat: new linux rules related to GobRAT malware ( #4272 )
2023-06-02 15:49:43 +02:00
dan21san
331a65103f
feat: add new rule related to linux sensitive file tampering ( #4263 )
2023-05-30 16:23:19 +02:00
Nasreddine Bencherchali
f3104f748f
Merge pull request #4211 from fukusuket/refactor-use-all-modifier-without-field-instead-of-all-of
chore: refactor use `'|all'` instead of using `all of` for a single selector.
2023-05-05 18:44:35 +02:00
kidrek
239afc945d
fix: update curl rules flags to use regex ( #4213 )
2023-05-03 10:16:01 +02:00
Nasreddine Bencherchali
d7f1e8c443
Update lnx_auditd_binary_padding.yml
2023-05-03 01:09:55 +02:00
fukusuket
78fe42f78c
refactor: use '|all' instead of using all of for a single selector.
2023-04-30 21:49:32 +09:00
dan21san
4b8f70fb97
feat: add new rules related to linux reverse shells ( #4166 )
2023-04-25 11:03:11 +02:00
tareq-alkhatib
999cd5763a
chore: split selection clause into two ( #4160 )
2023-04-05 05:04:54 +02:00
Nasreddine Bencherchali
3d9372bef3
feat: new rules, updates and fp fixes ( #4136 )
2023-04-03 12:06:14 +02:00
iai-rsa
66f3c54b89
feat: new linux rules ( #4095 )
- Updated lnx_auditd_system_info_discovery.yml
- Added lnx_auditd_modify_system_firewall.yml
- Deprecated lnx_auditd_alter_bash_profile.yml and replaced by an enhanced version in lnx_auditd_unix_shell_configuration_modification.yml
2023-03-27 13:17:54 +02:00
tuan
a035aa0385
feat: new rule related to process termination using kill ( #4112 )
2023-03-20 22:04:26 +01:00
tuan
2a1124e95e
feat: new rules Linux Package Uninstall ( #4098 )
2023-03-13 00:04:53 +01:00
Nasreddine Bencherchali
e3503d5d60
feat: more updates
2023-03-06 00:39:26 +01:00
Wagga
273fdb9985
fix: typos in multiple rules ( #4011 )
2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
66700a69e2
Merge pull request #3994 from ionsor/patch-8
Update proc_creation_lnx_hack_tools.yml
2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali
2684f0f63c
fix: remove unnecessary entry
2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali
412efdad03
fix: update selection
2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali
164ee358c3
fix: update modified date
2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali
6a337151d1
feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 17:11:18 +01:00
Feathers
8f6242c35f
Update proc_creation_lnx_hack_tools.yml
Added LinPEAS, a privilege escalation script, to the list of hacking tools.
2023-01-31 17:01:17 +01:00
Nasreddine Bencherchali
33952874f1
fix: update selection
2023-01-31 14:14:50 +01:00
Nasreddine Bencherchali
e158d6c1eb
feat: add shadow file
2023-01-31 12:25:33 +01:00
Nasreddine Bencherchali
6a65920dd6
feat: new rules from blackberry
2023-01-31 00:38:06 +01:00
frack113
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
frack113
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
frack113
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
frack113
f7b159350d
Merge pull request #3954 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-01-25 13:21:44 +01:00
Nasreddine Bencherchali
f42eb77f29
fix: rule logic
2023-01-25 12:03:11 +01:00
Nasreddine Bencherchali
d47215d469
fix: single element selection
2023-01-25 01:35:47 +01:00
Nasreddine Bencherchali
7d2b70cb91
feat: add bpf related rules
2023-01-25 01:14:49 +01:00
Nick Moore
0312c481d9
Change rules using all of required-lists to |all
When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).
This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.
See SigmaHQ/sigma-specification#53 for further discussion.
2023-01-23 14:37:25 +00:00
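The two forms the commit message above contrasts, side by side, as an added illustration that is not a rule from the SigmaHQ repository: a constructed rule whose keyword list is written first in the older `all of` style for a single selector, then rewritten with an empty key and the `|all` modifier so that every listed value must match. The title, logsource, and keyword values are placeholders chosen for the example; the `condition` semantics follow the Sigma specification discussion referenced in the commit.

```yaml
# Added illustration, not a rule from the SigmaHQ repository.
# Rule title, logsource and keyword values are constructed for this example.

# Older style: a single selector holding a list, combined with
# "all of <selector>" to require every value to match.
title: Constructed Example (old style)
logsource:
  product: linux
  service: auditd
detection:
  selection:
    - 'constructed_keyword_one'
    - 'constructed_keyword_two'
  condition: all of selection
level: informational
---
# Newer style: the empty key with the |all modifier expresses the same
# requirement inside the selector, so the condition is just the selector.
title: Constructed Example (new style)
logsource:
  product: linux
  service: auditd
detection:
  selection:
    '|all':
      - 'constructed_keyword_one'
      - 'constructed_keyword_two'
  condition: selection
level: informational
```

Both documents require each listed keyword to be present in the event before the rule fires; the difference is only where that requirement is expressed. Keeping it inside the selector, as the second form does, avoids the ambiguity the commit message describes, where `all of` on a lone selector reads as an aggregation over selectors rather than over the values in one list.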
Nasreddine Bencherchali
1c0bf6e262
feat: update windows firewall rules
2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali
85fb255bc9
feat: new rules and updates
2023-01-17 01:00:44 +01:00
frack113
e886902374
Update proc_creation_lnx_system_network_connections_discovery.yml
2023-01-13 10:12:10 +01:00
Veramine
d91a1d0903
filter some legitimate activity
Filter landscape-sysinfo tool calling who
2023-01-13 00:47:40 -08:00
Nasreddine Bencherchali
15757c2b7d
fix: remove tactic links
2023-01-10 19:20:31 +01:00
frack113
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
frack113
d6059d801b
Filename normalisation
2023-01-07 08:52:11 +01:00
Nasreddine Bencherchali
ea4b844c8e
fix: broken selections
2023-01-06 17:28:29 +01:00