Commit Graph

4813 Commits

Author SHA1 Message Date
securepeacock 291ca18d22 Merge pull request #4389 from @securepeacock
chore: Dynamic .NET Compilation Via Csc.EXE - add new reference
2023-08-23 18:59:03 +02:00
securepeacock bad3152ac3 Merge pull request #4388 from @securepeacock
chore: Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE - add new reference
2023-08-23 18:52:22 +02:00
Nasreddine Bencherchali 006b120859 Merge pull request #4374 from mbabinski/master
feat: add search(-ms)/WebDAV abuse rules
2023-08-22 13:51:29 +02:00
phantinuss bc2e0a54e8 fix: level
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-22 11:43:40 +02:00
Nasreddine Bencherchali 201066947b feat: update detection & metadata 2023-08-22 11:00:55 +02:00
Nasreddine Bencherchali 3abede2a1c Update rules/windows/process_creation/proc_creation_win_bginfo_uncommon_child_process.yml 2023-08-18 15:15:52 +02:00
Nasreddine Bencherchali 360475d6ff fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-18 15:15:26 +02:00
Nasreddine Bencherchali be9abb9364 feat: update cl diag script rules 2023-08-17 19:26:21 +02:00
Nasreddine Bencherchali c39581217a feat: update rules using file sharing domains 2023-08-17 13:39:59 +02:00
Nasreddine Bencherchali f21e54e206 feat: update bginfo rules 2023-08-16 21:52:52 +02:00
Nasreddine Bencherchali 99387042c6 feat: update bash lolbin rules 2023-08-15 16:20:14 +02:00
Nasreddine Bencherchali 967f31b241 feat: aspnet compile + agentexecutor rename 2023-08-14 14:38:25 +02:00
Nasreddine Bencherchali 2e9bba557d feat: add mfdetours unsigned sideload 2023-08-14 09:43:11 +02:00
Nasreddine Bencherchali cac07b8ecd Merge pull request #4379 from swachchhanda000/lolbas_msedge_and_teams
feat: enhance ftp lolbin rule and fix fp with vsto rule
2023-08-11 14:10:00 +02:00
Nasreddine Bencherchali 0a5d38140d fix: remove already covered rules and fix metadata 2023-08-11 12:55:33 +02:00
Swachchhanda Poudel 32e0100af2 Added two new lolbas rules and slight modifications to existing rules 2023-08-11 16:28:46 +05:45
Nasreddine Bencherchali fff8191d65 Merge pull request #4377 from nasbench/new-rules-august-23
feat: new rules & updates
2023-08-10 11:56:34 +02:00
Nasreddine Bencherchali 2259a57b9b fix: duplicate ids and missing selections 2023-08-10 11:20:34 +02:00
Nasreddine Bencherchali aab060e642 Merge branch 'master' of https://github.com/SigmaHQ/sigma into pr/4376 2023-08-10 10:20:03 +02:00
phantinuss 158a1c6cc1 fix: wording 2023-08-09 19:04:37 +02:00
Nasreddine Bencherchali 75085680de feat: update gpg4win rules 2023-08-09 17:08:59 +02:00
Nasreddine Bencherchali a13206f28b Merge pull request #4316 from swachchhanda000/master 2023-08-09 14:39:31 +02:00
phantinuss 7beea4c526 fix: wording 2023-08-09 13:41:27 +02:00
Nasreddine Bencherchali 87b94ac166 feat: updates and enhancements 2023-08-08 21:53:37 +02:00
Nasreddine Bencherchali f52cd142e3 feat: rules update 2023-08-07 16:09:21 +02:00
Nasreddine Bencherchali ba3af8f353 feat: apply suggestions from code review 2023-08-07 11:47:27 +02:00
Nasreddine Bencherchali a5fcba83cb Update proc_creation_win_susp_service_tamper.yml 2023-08-07 11:47:07 +02:00
frack113 6a3edbdfca Add portable gpg.exe detection
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-08-06 11:00:52 +02:00
Micah Babinski edd3c4dc76 Corrected 'related' section 2023-08-04 19:42:18 -07:00
Micah Babinski acc59520fa Renamed process creation rule to proper format. 2023-08-04 18:19:21 -07:00
Micah Babinski 8d16ed2cc2 Added search(-ms)/WebDAV rules 2023-08-04 17:37:54 -07:00
RenaudFrere edf3e3f3a2 Update proc_creation_win_susp_service_tamper.yml 2023-08-04 16:31:00 +02:00
RenaudFrere 7f6c1d4952 Fixing 1 service typo in proc_creation_win_susp_service_tamper.yml 2023-08-04 16:14:33 +02:00
Nasreddine Bencherchali 4735f5bb62 Merge pull request #4366 from nasbench/new-rules-august-23
feat: new rules and updates
2023-08-04 13:25:46 +02:00
Nasreddine Bencherchali 134c3ff3aa Update rules/windows/process_creation/proc_creation_win_csc_susp_parent.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-04 11:30:44 +02:00
phantinuss bca13a3612 fix: wording 2023-08-04 10:44:46 +02:00
Nasreddine Bencherchali 30933109cd feat: more updates 2023-08-03 18:50:16 +02:00
z00t de4e50ff01 feat: add new rule related to "Amazon SSM Agent" potential abuse (#4369) 2023-08-03 11:42:50 +02:00
Swachchhanda Poudel 64ff613934 Capitalized title 2023-08-02 19:34:38 +05:45
Nasreddine Bencherchali b9beedee76 feat: update csc rules 2023-08-02 13:16:10 +02:00
Swachchhanda Poudel c3bb062fa6 Added rules to detect lolbas provlaunch.exe 2023-08-02 15:16:16 +05:45
Nasreddine Bencherchali 381b135ba7 feat: update shim rules 2023-08-01 23:13:18 +02:00
Nasreddine Bencherchali e69daf27a1 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-31 12:28:34 +02:00
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-24 12:35:11 +02:00