security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,368 Commits 1 Branch 57 Tags
2c0e89ccc8584b59bee3ae4c8aabd2a9df87f8af
Commit Graph

427 Commits

Author SHA1 Message Date
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
Austin Songer 40eed2ec59 Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml 2021-10-12 11:57:37 -05:00
Austin Songer d273bc25ea Create powershell_windows_firewall_disabled.yml 2021-10-12 11:56:37 -05:00
frack113 1337116d84 Cleanup selection name 2021-10-10 10:17:24 +02:00
Florian Roth 2379907f26 docs: extended the description by a word 2021-10-09 16:42:42 +02:00
Florian Roth f475b90ee3 fix: typo in description 2021-10-09 16:41:48 +02:00
frack113 5c68c42058 order powershell_script 2021-10-09 10:30:36 +02:00
frack113 77749510b7 fix yml 2021-10-09 10:01:40 +02:00
frack113 41d098b253 fix yml error 2021-10-09 09:59:21 +02:00
frack113 9b0f744f75 order powershell_script 2021-10-09 09:57:45 +02:00
frack113 fe7fbfd5fc order powershell_module 2021-10-09 09:50:49 +02:00
frack113 0d04b469f7 order powershell_classic 2021-10-07 07:40:53 +02:00
frack113 1c842037cf Merge pull request #2109 from Karneades/patch-1 
Add fp note to powershell winapi rule
 2021-09-30 17:45:03 +02:00
Andreas Hunkeler 82ba266a53 Add fp note to powershell winapi rule 2021-09-30 16:38:39 +02:00
frack113 29d66a965c add 4104 2021-09-30 10:03:11 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global 
Split Last Global Rules
 2021-09-23 13:54:57 +02:00
frack113 6e6d57b019 fix filename 2021-09-22 18:45:08 +02:00
frack113 3c906b52a0 fix filename 2021-09-22 16:21:07 +02:00
frack113 045e87058b add definition 2021-09-22 08:40:08 +02:00
Florian Roth d884f774f9 Update powershell_memorydump_getstoragediagnosticinfo.yml 2021-09-21 18:01:46 +02:00
Max Altgelt bf9bc03258 chore: properly name and describe rules 2021-09-21 15:59:01 +02:00
Max Altgelt 8c3faa390c feat: Add rule for live memory dumping 2021-09-21 15:09:12 +02:00
frack113 8c13bd23b9 split global win_powershell_web_request 2021-09-21 13:44:19 +02:00
frack113 0a6ac0b171 split global powershell_alternate_powershell_hosts.yml 2021-09-21 09:52:35 +02:00
frack113 f5d58a0cb1 split powershell_remote_powershell_session.yml 2021-09-21 09:48:50 +02:00
frack113 95af26f963 split powershell_suspicious_download.yml 2021-09-21 09:46:02 +02:00
frack113 2223afb6fe split global rules 2021-09-11 20:30:32 +02:00
frack113 e712d9696b Merge pull request #2000 from frack113/split_global 
Split frack113 global rules
 2021-09-08 06:26:35 +02:00
Thomas Patzke 143744bc12 Various fixes 
* Backslashes in regular expressions
* Casing of condition operators
* Further small errors
 2021-09-07 23:38:07 +02:00
frack113 0e5e4fa19d Split global rules 2021-09-07 13:30:32 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global 
Change ID in global action rule
 2021-09-06 08:44:14 +02:00
frack113 1fc2a39720 Merge pull request #1975 from frack113/red_T1564.004_2 
Redcanary  t1564.004 test 2
 2021-09-03 08:12:08 +02:00
frack113 d02ee1eddd Update global ID 2021-09-02 21:16:55 +02:00
frack113 9bcefc6a93 move uuid from global 2021-09-02 16:05:05 +02:00
frack113 90e673e5ac fix invalid tags 2021-09-02 10:17:50 +02:00
frack113 25c6f69ea3 update references 2021-09-02 09:51:44 +02:00
frack113 5e87970c77 add powershell_store_file_in_alternate_data_stream.yml 2021-09-02 09:47:54 +02:00
frack113 6f3fc7036e Update tags 2021-09-01 09:45:31 +02:00
frack113 eb434732a7 move rule not only powershell 2021-08-31 13:48:07 +02:00
frack113 18cdc36d73 Fix EventID 4103 detection 2021-08-31 13:44:54 +02:00
frack113 89e21c69ef fix detection 2021-08-31 09:07:54 +02:00
frack113 acf59f9795 Fix some errors 2021-08-30 19:49:44 +02:00
frack113 68237dffc4 fix HostApplication 2021-08-28 08:18:47 +02:00
frack113 ef6e0c5a4c Fix error and FP 2021-08-28 08:02:16 +02:00
f.hubaut e66007a43d fix file name case 2021-08-26 11:15:33 +02:00
frack113 33c6ff6b5f add powershell_suspicious_win32_pnpentity 2021-08-23 13:17:35 +02:00
frack113 fc9666fb4e Merge pull request #1896 from ZikyHD/fix_old_technics 
Replace old mitre techniques by new one
 2021-08-22 18:56:08 +02:00
frack113 0a410010a2 Merge pull request #1877 from frack113/red_back 
Add t1546 redcanary rules
 2021-08-22 18:50:58 +02:00
SomeOne 295054dcbe Replace old mitre techniques by new one 2021-08-22 13:57:56 +02:00
frack113 42c90b9d20 fix powershell_psattack error 2021-08-21 10:05:47 +02:00