Commit Graph

738 Commits

Author SHA1 Message Date
yugoslavskiy e1fd69f548 Merge pull request #1179 from SanWieb/OSCD_regedit_3
[OSCD] regedit.exe LOLbas 72 [3]
2021-01-06 00:16:45 +03:00
yugoslavskiy f2c6011c6b Merge pull request #1126 from skirankumar/master
[OSCD] Sysmon_silenttrinity_stager_msbuild_activity.yml
2021-01-05 23:14:20 +03:00
yugoslavskiy 0414d7a498 Merge branch 'oscd' into master 2020-11-30 02:04:03 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
Jonhnathan 0606cd3dde Update detection Logic 2020-11-20 02:10:27 -03:00
Jonhnathan ebb4580378 Remove additional backslash 2020-11-20 02:04:28 -03:00
S.kiran kumar b5e07f0a37 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 17:00:50 +05:30
S.kiran kumar 708fe7f8fa Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:33 +05:30
S.kiran kumar 630365cb4b Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:11 +05:30
S.kiran kumar 6c5bb72491 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:28:04 +05:30
S.kiran kumar d7e9a87feb Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:10:46 +05:30
S.kiran kumar 02ce1196c3 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:58:32 +05:30
S.kiran kumar 2469ad14d8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:47:21 +05:30
S.kiran kumar 15a6352da6 Removed event ID 2020-10-24 17:40:29 +05:30
S.kiran kumar ca5e86c850 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:14:07 +05:30
S.kiran kumar 7db0351d6d Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:11:55 +05:30
S.kiran kumar e474c26c90 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:07:31 +05:30
S.kiran kumar e8611ca0a7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:00:19 +05:30
S.kiran kumar 7ba3d7a9c8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 19:58:13 +05:30
S.kiran kumar 7fbaacabb0 Mitre attck tags changes 2020-10-20 23:20:34 +05:30
S.kiran kumar 31ad3fcd6b Mitre tags changed 2020-10-18 08:08:25 +05:30
Jonhnathan d7eda3fe7e Update sysmon_wmi_susp_scripting.yml 2020-10-15 20:15:22 -03:00
Jonhnathan 92aaeca075 Update sysmon_susp_powershell_rundll32.yml 2020-10-15 20:14:23 -03:00
Jonhnathan 26b36086c7 Update sysmon_cmstp_execution.yml 2020-10-15 20:13:39 -03:00
Jonhnathan df81f5180d Update sysmon_cactustorch.yml 2020-10-15 20:12:54 -03:00
S.kiran kumar 26af11985a Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 21:50:34 +05:30
S.kiran kumar 61ded7e0d7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 19:22:41 +05:30
S.kiran kumar 0cb340a718 Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 19:00:24 +05:30
Sander a8b31dfa5e Fixed field typo 2020-10-15 15:27:11 +02:00
S.kiran kumar b1b77c15ad Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 18:50:24 +05:30
Sander 02d49c091a Created rule regedit export to ads 2020-10-15 14:20:15 +02:00
S.kiran kumar 20a54d86b1 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 19:49:39 +05:30
S.kiran kumar 0d25660624 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 14:13:20 +05:30
S.kiran kumar 2fa7ae2c1c Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 13:04:49 +05:30
S.kiran kumar 6b25378a61 Removed * operator 2020-10-14 10:07:16 +05:30
S.kiran kumar 4fa6ca01ef Changed category. 2020-10-14 10:05:41 +05:30
Thomas Patzke f7c440b097 Merge pull request #1065 from nsaddler/oscd1
[OSCD] Accessing WinAPI in PowerShell. Credentials dumping Rule added
2020-10-13 22:33:14 +02:00
Thomas Patzke 0914c03acb Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-13 22:32:55 +02:00
S.kiran kumar bd5e7fda14 Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 21:26:44 +05:30
nsaddler e94a47b9d3 Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-12 18:33:43 +03:00
S.kiran kumar 27823763cb Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 20:14:43 +05:30
S.kiran kumar a640c1e151 Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 20:11:24 +05:30
S.kiran kumar f1c9286a25 Updated minor changes
Change tags.
Change author (add "oscd.community").
Change date format.
Change logsource.
Change detection (use endswith as a modifier).
Change fields.
2020-10-12 20:06:36 +05:30
S.kiran kumar c76eede1b8 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:11:09 +05:30
S.kiran kumar fbf5d2fdc4 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:07:41 +05:30
S.kiran kumar bddbe68235 Create silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:02:03 +05:30
S.kiran kumar 6b0b779480 Delete sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 23:00:52 +05:30
S.kiran kumar 6b10b998c9 Update sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:38:30 +05:30
S.kiran kumar 476ed7ec2d Rename silenttrinity _stager _communication _c2.yml to sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:03:24 +05:30
S.kiran kumar 545a8c06ed Rename Silenttrinity _Stager _Communication _C2.yml to silenttrinity _stager _communication _c2.yml 2020-10-11 21:53:45 +05:30