security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,212 Commits 1 Branch 57 Tags
2ea7fc0c51ffa01ccfa1a1ece2c8d3d270b830a1
Commit Graph

9400 Commits

Author SHA1 Message Date
frack113 2ea7fc0c51 Update proxy_turla_comrat.yml 2022-08-15 17:32:34 +02:00
frack113 f50de1d4e1 Update proxy_chafer_malware.yml 2022-08-15 17:32:20 +02:00
frack113 29901228fd Update proxy_baby_shark.yml 2022-08-15 17:32:07 +02:00
Tomasuh 2bcb6abd72 Escape ? character 2022-08-12 12:46:21 +02:00
Tomasuh 5c549a2825 Escape ? character 2022-08-12 12:45:52 +02:00
Tomasuh 08d25bd065 Escape ? character 2022-08-12 12:44:53 +02:00
Tomasuh b189122287 Escape ? character 2022-08-12 12:44:23 +02:00
Tomasuh 75b9b7b1a9 Escape ? character 2022-08-12 12:43:58 +02:00
Tomasuh 4ccb8d9ca0 Escape question mark 2022-08-12 12:38:07 +02:00
Florian Roth 501f41e475 Merge pull request #3363 from frack113/refractor 
Update ShareName
 2022-08-12 08:43:46 +02:00
frack113 9a64b6660f Merge pull request #3338 from Tomasuh/master 
proxy_susp_flash_download_loc.yml: c-uri inst. of c-uri-query and r-dns inst of c-uri-stem, proxy_ua_susp.yml: Avoid adobe false positives
 2022-08-11 19:57:19 +02:00
frack113 3268a6c9b0 Fix ShareName 2022-08-11 19:19:07 +02:00
frack113 8cf1d92c84 Fix ShareName 2022-08-11 19:07:47 +02:00
Florian Roth 835b54c05c Merge pull request #3362 from MarkMorow/markmorow 
Create azure_privileged_account_creation.yml
 2022-08-11 18:43:32 +02:00
Florian Roth b5ebc2033e Update azure_privileged_account_creation.yml 2022-08-11 18:25:10 +02:00
Florian Roth b199e50898 Merge pull request #3358 from frack113/fix_3351 
Fix condition
 2022-08-11 18:24:43 +02:00
Florian Roth 3fd33a6e1f Merge pull request #3360 from martinspielmann/master 
Reduced False Positives for Java Running with Remote Debugging Rule
 2022-08-11 18:23:59 +02:00
Mark Morowczynski 10871396c4 Create azure_privileged_account_creation.yml 
Detects when a priv account is created
 2022-08-11 07:08:15 -07:00
Martin 41d79d4d1b Update proc_creation_win_vul_java_remote_debugging.yml 
simplified rule
 2022-08-11 13:29:15 +02:00
Martin 8da1502e5d Update proc_creation_win_vul_java_remote_debugging.yml 
For Java Running with Remote Debugging, add filtering to vulnerable jvm versions. Later jvm versions limit remote debugging access to localhost by default.
 2022-08-11 13:20:40 +02:00
phantinuss a75e9a41a2 fix: FP with office click to run 2022-08-11 09:53:25 +02:00
Tomasuh 7f86fcf89d Update to use cs-host instead of r-dns 2022-08-11 08:36:23 +02:00
Tomasuh 61c2e6b532 Update proxy_susp_flash_download_loc.yml 2022-08-11 08:33:07 +02:00
frack113 80df54d092 Fix condition 2022-08-11 06:59:01 +02:00
frack113 1b60c9b6f1 Merge pull request #3357 from MarkMorow/markmorow 
Create azure_guest_invite_failure.yml
 2022-08-11 06:40:32 +02:00
frack113 1a57509e85 Merge pull request #3346 from nasbench/nasbench-rule-devel 
Updates + New Rules
 2022-08-11 06:26:57 +02:00
frack113 634397e855 Merge pull request #3353 from nasbench/tune-fp-short-path-rules 
Fix FP - Short Path Rules
 2022-08-11 06:26:41 +02:00
frack113 4d6eda3488 Merge pull request #3348 from lawndoc/master 
BloodHound Collection Files
 2022-08-11 06:26:05 +02:00
Nasreddine Bencherchali f34a60b215 Update proc_creation_win_rundll32_unc_path.yml 2022-08-10 22:08:03 +01:00
Nasreddine Bencherchali f51547fe96 Update proc_creation_win_rundll32_unc_path.yml 2022-08-10 21:15:12 +01:00
Mark Morowczynski 8a750770cf Create azure_guest_invite_failure.yml 
Detection when a user without proper permissions attempts to invite a guest account.
 2022-08-10 11:01:40 -07:00
Nasreddine Bencherchali 3201b68004 Final update 2022-08-10 18:33:17 +01:00
Nasreddine Bencherchali 0f8ad22b9a Update proc_creation_win_susp_wmic_proc_create.yml 2022-08-10 17:53:09 +01:00
Nasreddine Bencherchali 021c297e96 Update title and description 2022-08-10 17:48:48 +01:00
Nasreddine Bencherchali 80ee1192e6 Update file_event_win_error_handler_cmd_persistence.yml 2022-08-10 17:45:25 +01:00
frack113 004409ff87 Merge pull request #3352 from MarkMorow/markmorow 
Create azure_tap_added.yml
 2022-08-10 18:40:42 +02:00
phantinuss 6d1dad51fe fix: typo in filter name 2022-08-10 18:09:55 +02:00
phantinuss b0f07faa85 fix: FP with poqexec.exe 2022-08-10 17:28:03 +02:00
phantinuss 7b9cd0e74c fix: remove TargetObject restriction bc of too many FPs 2022-08-10 17:28:02 +02:00
phantinuss 5cde4a2d7e fix: FP with Avast 2022-08-10 17:28:02 +02:00
Nasreddine Bencherchali babdecc642 Update proc_creation_win_ntfs_short_name_use_image.yml 2022-08-10 15:25:10 +01:00
Nasreddine Bencherchali 14277c5b6d Fix FP 2022-08-10 15:15:49 +01:00
Mark Morowczynski d1c5153103 Create azure_tap_added.yml 
Detection for temporary access pass (TAP) added to an account.
 2022-08-10 07:09:09 -07:00
Florian Roth c2b415601e Merge pull request #3344 from phantinuss/master 
fix: FP found in testing
 2022-08-10 14:04:37 +02:00
Nasreddine Bencherchali 405ed7e6d2 Update file_event_win_error_handler_cmd_persistence.yml 2022-08-10 13:02:08 +01:00
phantinuss 8e63a4b2e1 fix: another Win7 i386 path 2022-08-10 13:54:19 +02:00
Nasreddine Bencherchali b5c15c5137 More additions and updates 2022-08-10 12:52:49 +01:00
phantinuss 342ec1c9cc fix: FP with wrongly matching folders 2022-08-10 11:23:42 +02:00
frack113 d666a18615 Fix issue 3342 2022-08-10 07:52:50 +02:00
frack113 519e4a8f47 Fix issue 3339 2022-08-10 07:44:56 +02:00