security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,006 Commits 1 Branch 57 Tags
2a1124e95eb06cd7ca8e4ce35d1562bd1725481e
Commit Graph

4574 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 149256b0b9 fix: add missing modified date 2023-03-07 17:50:14 +01:00
Nasreddine Bencherchali 556e445e22 fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-03-07 17:49:21 +01:00
Nasreddine Bencherchali 7303137b14 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali 2883c2e714 fix: test errors 2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali 1378cf6d75 feat: update cmd based rules 2023-03-07 14:13:57 +01:00
Nasreddine Bencherchali e2d48cf455 chore: rename wscript/cscript only rules 2023-03-06 01:09:29 +01:00
Nasreddine Bencherchali e5c75d3232 fix: shorten filenames 2023-03-06 00:55:03 +01:00
Nasreddine Bencherchali e3503d5d60 feat: more updates 2023-03-06 00:39:26 +01:00
Nasreddine Bencherchali 4439d85ea5 chore: renames with new sigma convention 2023-03-03 00:21:25 +01:00
Nasreddine Bencherchali eae48afc53 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-01 19:10:50 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 8649d31048 fix: update modified field 2023-03-01 13:52:03 +01:00
markus-nclose 5d7fe8823b Add reg.exe 
Reg.exe for Qakbot defense evasion.
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt
xcopy  C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\glanduleHoratory.exe /h /s /e
 2023-03-01 13:27:59 +02:00
Nasreddine Bencherchali f5f6ec3e64 fix: update modifiers 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-28 18:27:41 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 1353d57485 fix: issues with CICD 2023-02-28 15:59:13 +01:00
Nasreddine Bencherchali 5689263f30 fix: add missing modified 2023-02-28 15:44:37 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 2234b7d180 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-28 12:34:41 +01:00
Gude5 39928d2cdf feat: update del related detection (#4046) 2023-02-27 15:19:28 +01:00
Nasreddine Bencherchali 40f587b63d feat: more renames 2023-02-27 13:01:52 +01:00
frack113 d7e8407d0d Update detection 2023-02-26 16:28:46 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
Nasreddine Bencherchali d6f3e7dacb feat: rename rules for conventions 2023-02-24 19:33:24 +01:00
frack113 ae45af68ab Update proc_creation_win_hktl_jlaive_batch_execution.yml 2023-02-22 17:13:48 +01:00
frack113 f2c3954e74 Update proc_creation_win_hktl_crackmapexec_execution_patterns.yml 2023-02-22 17:13:02 +01:00
Nasreddine Bencherchali 69c28fedbc fix: typo 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-22 12:16:49 +01:00
Nasreddine Bencherchali 02d6d571cb fix: apply suggestions from 2nd code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-22 12:15:49 +01:00
Nasreddine Bencherchali fc3c6ef4c7 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-22 11:05:50 +01:00
frack113 1a14cd58db Update proc_creation_win_msiexec_dll.yml 2023-02-22 06:34:02 +01:00
frack113 bc5ec4fc88 Update proc_creation_win_auditpol_susp_execution.yml 2023-02-22 06:26:30 +01:00
Nasreddine Bencherchali 5f1231b5f2 fix: unused selection 2023-02-21 22:25:34 +01:00
Nasreddine Bencherchali 63888f7a53 feat: multiple fixes and updates 2023-02-21 22:15:30 +01:00
Nasreddine Bencherchali 41e844e0cc fix: add missing modified 2023-02-20 17:08:48 +01:00
Wagga 7387648bb1 Update proc_creation_win_mstsc_remote_connection.yml 2023-02-20 14:13:26 +01:00
Wagga e7492c0f75 Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:51 +01:00
Wagga fae6d7066a Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:32 +01:00
Wagga 71b849146c Update proc_creation_win_certutil_export_pfx.yml 2023-02-20 14:11:48 +01:00
Nasreddine Bencherchali b1866adb07 Merge pull request #4049 from nasbench/nasbench-rule-devel 
feat: new rules, updates and fixes
 2023-02-20 13:44:04 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Yamato Security 9c673bbb15 added other potential IEX strings 2023-02-18 05:51:40 +09:00
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali 164b3a36b6 Merge pull request #4043 from nasbench/certutil-other-updates 
feat: certutil rules updates + other fixes
 2023-02-16 11:45:08 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates 
feat: wmic rules update + other fixes
 2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel 
feat: updates and enhancements
 2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 416c10e0d3 fix: yaml error in description 2023-02-16 11:15:06 +01:00
Nasreddine Bencherchali 4142819114 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-16 11:06:57 +01:00
Nasreddine Bencherchali 362f4e4e60 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-16 11:05:38 +01:00
Nasreddine Bencherchali e2068c5cd0 Merge pull request #4001 from mbabinski/master 
feat: new rule related to Right-to-left override character in the CLI
 2023-02-16 10:54:13 +01:00