Commit Graph

1306 Commits

Author SHA1 Message Date
yugoslavskiy 2cf1994763 Merge pull request #1206 from w0rk3r/oscd5
[OSCD] Windows - Suspicious Service DACL Modification
2021-01-06 00:18:53 +03:00
yugoslavskiy aad2838f58 Merge pull request #1198 from tas-kmanager/mt-oscd-sigma547-50-rule2
[OSCD] Always Install Elevated - Slide 50 - Rule 2
2021-01-06 00:18:44 +03:00
yugoslavskiy 0b7babaa84 Merge pull request #1196 from tas-kmanager/mt-oscd-sigma547-50-rule1
[OSCD] Always Install Elevated - Slide 50 - Rule 1
2021-01-06 00:18:26 +03:00
yugoslavskiy 8e50eeb4a9 Merge pull request #1187 from nsaddler/lolbas108
[OSCD] LOLBAS Manage-bde.yml
2021-01-06 00:18:02 +03:00
yugoslavskiy e91d48cc93 Merge pull request #1185 from nsaddler/lolbas107_1
[OSCD] LOLBAS CL_Mutexverifiers - process_creation
2021-01-06 00:17:46 +03:00
yugoslavskiy def4a7dbb9 Merge pull request #1183 from nsaddler/lolbas106
[OSCD] LOLBAS CL_Invocation - process_creation
2021-01-06 00:17:01 +03:00
yugoslavskiy e1fd69f548 Merge pull request #1179 from SanWieb/OSCD_regedit_3
[OSCD] regedit.exe LOLbas 72 [3]
2021-01-06 00:16:45 +03:00
yugoslavskiy 8e6b77fc4f Merge pull request #1177 from OpalSec/oscd
[OSCD] Tasks 24, 25 & 26: Detection for Invoke-Obfuscation CLIP+, STDIN+ & VAR+ Launchers
2021-01-06 00:16:34 +03:00
yugoslavskiy 95d8a9daf0 Merge pull request #1174 from uncleAntik/update
[OSCD] LOLBin vsjitdebugger.exe #136
2021-01-06 00:16:20 +03:00
yugoslavskiy 252345ca00 Merge pull request #1173 from uncleAntik/fix
[OSCD] LOLBin te.exe #133
2021-01-06 00:16:12 +03:00
yugoslavskiy 1fd0afc58e Merge pull request #1167 from tas-kmanager/mt-oscd-sigma547-43
[OSCD] Add Accesschk tool usage rule
2021-01-06 00:14:08 +03:00
yugoslavskiy 4c8e0b201d Merge pull request #1162 from uncleAntik/131
[OSCD] LOLBin sqltoolsps.exe #131
2021-01-06 00:11:33 +03:00
yugoslavskiy dd7a95ac74 Merge pull request #1081 from cy1337/patch-1
[OSCD] Added nltest LOLBIN
2021-01-05 23:16:14 +03:00
yugoslavskiy 1c1c38e091 Merge pull request #1119 from uncleAntik/oscd
[OSCD] sqlps.exe LOLbin
2021-01-05 23:14:02 +03:00
yugoslavskiy 39991a8ab6 Merge pull request #1106 from stvetro/2020
[OSCD] Suspicious ftp.exe usage (LOLBin)
2021-01-05 23:13:03 +03:00
yugoslavskiy 804db42b7a Merge pull request #1105 from Vasilisa-L/OSCD_rasautou
[OSCD] Rasautou.exe LOLbin
2021-01-05 23:12:48 +03:00
yugoslavskiy 794cd7aaeb Merge pull request #1104 from Vasilisa-L/OSCD_rpcping
[OSCD] rpcping lolbin
2021-01-05 23:12:35 +03:00
yugoslavskiy 05b03afddb Merge pull request #1103 from concorde18/oscd_win_susp_diskshadow
[OSCD] win_susp_diskshadow
2021-01-05 23:10:55 +03:00
yugoslavskiy d48bac226f Merge pull request #1099 from NikitaStormwind/regular31(2)
[OSCD] Detects Obfuscated PowerShell via use of MSHTA in Scripts #31 (process_creation)
2021-01-05 23:10:46 +03:00
yugoslavskiy ae3c0d0801 Merge pull request #1095 from esebese/task136
[OSCD] win_pe_exec_vsjitdebugger.yml added
2021-01-05 23:10:18 +03:00
yugoslavskiy aa9182593a Merge pull request #1087 from Vasilisa-L/OSCD_pester.bat
[OSCD] 109: Pester.bat
2021-01-05 23:09:47 +03:00
yugoslavskiy 1992b1ac9f Merge pull request #1074 from semanurguneysu/oscd
[OSCD] Create sysmon_abusing_debug_privilege.yml
2021-01-05 23:06:57 +03:00
yugoslavskiy ff373b0f33 Update win_nltest_query.yml 2021-01-05 23:03:41 +03:00
yugoslavskiy bceb3c8af0 Merge pull request #1047 from grikos/sigma/oscd
[OSCD] Registry modify via VBoxDrvInst
2021-01-05 23:00:20 +03:00
Florian Roth 40e0e3bc99 Merge pull request #1193 from w0rk3r/oscd_rules_improvement
[OSCD] Windows Rules - Review for improvements on selections and logic
2020-12-31 12:10:15 +01:00
Florian Roth 133b98ffcb Merge pull request #1262 from invrep-de/oscd
[OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy
2020-12-21 18:30:21 +01:00
yugoslavskiy 0188e45925 Update win_malware_script_dropper.yml 2020-12-01 02:12:53 +01:00
yugoslavskiy 30ecc8bd26 Update win_malware_script_dropper.yml 2020-12-01 02:08:52 +01:00
yugoslavskiy 6494103839 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:54:51 +01:00
yugoslavskiy d1b625d080 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:51:47 +01:00
yugoslavskiy 3cbc2f0aec Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:47:23 +01:00
yugoslavskiy 816ce5937c Update win_susp_crackmapexec_execution.yml 2020-12-01 01:29:35 +01:00
yugoslavskiy 56f94a19f7 Update win_regedit_export_keys.yml 2020-11-30 02:08:54 +01:00
Yugoslavskiy Daniil 50623544a2 remove possible duplicate filter 2020-11-29 22:03:19 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 7dc5233dd9 Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy 9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy c761d05a17 Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy 258334d6d1 Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
yugoslavskiy c0c74a05df Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
yugoslavskiy 3c75bc922a Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
yugoslavskiy 42f27a41cb Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy ca0a6547fb Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan f1455e0c38 Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan fe3ed329ef Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy ea550cf551 Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan 9f4bbb7e65 Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
yugoslavskiy bcf62fba72 Update win_susp_ps_appdata.yml 2020-11-28 17:34:34 +01:00
yugoslavskiy 2ed4b26291 Update win_susp_procdump.yml 2020-11-28 17:33:02 +01:00