security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,006 Commits 1 Branch 57 Tags
2e6f184370b1c08c826da66036f79014d5db122f
Commit Graph

162 Commits

Author SHA1 Message Date
Vasiliy Burov 2e6f184370 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:11:10 +03:00
Vasiliy Burov 436dd4d90c Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:04:24 +03:00
Vasiliy Burov a0ac753e32 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:39:36 +03:00
Vasiliy Burov 48f6fad6c3 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:35:59 +03:00
Vasiliy Burov 8d926dc303 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:27:45 +03:00
Vasiliy Burov 6f7475020a Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:23:27 +03:00
Vasiliy Burov 26ef1da071 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:00:17 +03:00
Vasiliy Burov d4e1786836 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:57:27 +03:00
Vasiliy Burov e2543158ce Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:53:00 +03:00
Vasiliy Burov 47d6122298 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:46:51 +03:00
Vasiliy Burov a39d453792 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:42:51 +03:00
Vasiliy Burov 2d88000fdf Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:38:07 +03:00
Vasiliy Burov 5c4adbb24e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:33:57 +03:00
Vasiliy Burov da14df6c9f Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:29:37 +03:00
Vasiliy Burov b80f0f6478 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:18:23 +03:00
Vasiliy Burov fb5748254e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:45:32 +03:00
Vasiliy Burov ef17d168bd Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:34:47 +03:00
Vasiliy Burov ce2767b10e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:47:07 +03:00
Vasiliy Burov 6e4f8bdd53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:35:15 +03:00
Vasiliy Burov 6cc1a5e767 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:27:24 +03:00
Vasiliy Burov 03ebc36a11 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:23:12 +03:00
Vasiliy Burov d16770aee4 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:19:23 +03:00
Vasiliy Burov 82c7edfd68 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:14:45 +03:00
Vasiliy Burov 2385d06221 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:09:21 +03:00
Vasiliy Burov 6094fd4e9c [OSCD] Create powershell_cmdline_specific_comb_methods.yml 2020-10-11 20:56:45 +03:00
aw350m3 eb6b9be5a2 added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes 2020-08-25 23:51:22 +00:00
aw350m3 c28fce6273 fix duplication of key "modified" in mapping 2020-08-25 00:53:09 +00:00
aw350m3 c22273d162 fix duplication of key modified in mapping 2020-08-25 00:50:38 +00:00
aw350m3 399f378269 att&ck tags review: windows/powershell, windows/process_access, windows/network_connection 2020-08-24 23:31:26 +00:00
aw350m3 ba2e891433 windows/powershell folder reviewed. Old ID’s marked with comment “an old one”. These ID’s have to be removed in future. 2020-08-24 00:01:50 +00:00
Ryan Plas de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Ryan Plas 04fd598bcf Update additional rules to have correct logsource attributes 2020-07-13 17:02:17 -04:00
Ryan Plas 25d978d9bd Update powershell_shellcode_b64.yml logsource to use the correct Sigma schema values 2020-07-11 22:17:06 -04:00
Thomas Patzke 7eb499ad85 Added rule id 2020-07-07 22:54:55 +02:00
Thomas Patzke 360b5714a8 Splitted and improved new rule 2020-07-07 22:47:14 +02:00
Thomas Patzke 0ce5f2cc75 Merge branch 'patch-2' of https://github.com/4A616D6573/sigma into pr-483 2020-07-07 22:37:11 +02:00
Harish SEGAR 649e4eaa63 Added new rule for pwsh_xor_cmd 2020-06-29 22:09:58 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
zaphod 1a598282f4 Add 'Add-Content' to powershell_ntfs_ads_access 2020-05-13 11:57:10 +02:00
Remco Verhoef 40539a0c0e fix incorrect use of action global 2020-05-06 22:53:02 +02:00
Florian Roth 4f469c0e39 Adjusted level 2020-04-14 13:37:10 +02:00
teddy-ROxPin 1501331f77 Create powershell_create_local_user.yml 
Adds coverage for creating a local account via PowerShell from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md#atomic-test-4---create-a-new-user-in-powershell
 2020-04-11 02:51:05 -06:00
Florian Roth 0ea2db8b9e Merge pull request #484 from hieuttmmo/master 
New sigma rules to detect new MITRE technique in last update (T1502)
 2020-04-03 09:59:36 +02:00
Florian Roth f4928e95bc Update powershell_suspicious_profile_create.yml 2020-04-03 09:36:17 +02:00
Florian Roth c0ab9c5745 Merge pull request #671 from HarishHary/powershell_downgrade_attack 
Powershell downgrade attack (small improvements)
 2020-04-03 09:31:33 +02:00
Florian Roth 6cf0edc076 Merge pull request #685 from teddy-ROxPin/patch-1 
Typo fix for powershell_suspicious_invocation_generic.yml
 2020-04-03 09:30:32 +02:00
Remco Hofman b791d599ee Disabled keywords that could cause FPs 2020-03-30 08:53:52 +02:00
teddy-ROxPin 1a3731f7ae Typo fix for powershell_suspicious_invocation_generic.yml 
' - windowstyle hidden ' changed to ' -windowstyle hidden '
 2020-03-29 04:16:15 -06:00
Remco Hofman f52ed4150d WMImplant parameter detection 2020-03-27 15:08:35 +01:00