Florian Roth
b199e50898
Merge pull request #3358 from frack113/fix_3351
Fix condition
2022-08-11 18:24:43 +02:00
Martin
41d79d4d1b
Update proc_creation_win_vul_java_remote_debugging.yml
simplified rule
2022-08-11 13:29:15 +02:00
Martin
8da1502e5d
Update proc_creation_win_vul_java_remote_debugging.yml
For Java Running with Remote Debugging, add filtering to vulnerable jvm versions. Later jvm versions limit remote debugging access to localhost by default.
2022-08-11 13:20:40 +02:00
frack113
80df54d092
Fix condition
2022-08-11 06:59:01 +02:00
frack113
1a57509e85
Merge pull request #3346 from nasbench/nasbench-rule-devel
Updates + New Rules
2022-08-11 06:26:57 +02:00
frack113
634397e855
Merge pull request #3353 from nasbench/tune-fp-short-path-rules
Fix FP - Short Path Rules
2022-08-11 06:26:41 +02:00
Nasreddine Bencherchali
f34a60b215
Update proc_creation_win_rundll32_unc_path.yml
2022-08-10 22:08:03 +01:00
Nasreddine Bencherchali
f51547fe96
Update proc_creation_win_rundll32_unc_path.yml
2022-08-10 21:15:12 +01:00
Nasreddine Bencherchali
3201b68004
Final update
2022-08-10 18:33:17 +01:00
Nasreddine Bencherchali
0f8ad22b9a
Update proc_creation_win_susp_wmic_proc_create.yml
2022-08-10 17:53:09 +01:00
Nasreddine Bencherchali
021c297e96
Update title and description
2022-08-10 17:48:48 +01:00
phantinuss
5cde4a2d7e
fix: FP with Avast
2022-08-10 17:28:02 +02:00
Nasreddine Bencherchali
babdecc642
Update proc_creation_win_ntfs_short_name_use_image.yml
2022-08-10 15:25:10 +01:00
Nasreddine Bencherchali
14277c5b6d
Fix FP
2022-08-10 15:15:49 +01:00
Florian Roth
c2b415601e
Merge pull request #3344 from phantinuss/master
fix: FP found in testing
2022-08-10 14:04:37 +02:00
phantinuss
8e63a4b2e1
fix: another Win7 i386 path
2022-08-10 13:54:19 +02:00
Nasreddine Bencherchali
b5c15c5137
More additions and updates
2022-08-10 12:52:49 +01:00
frack113
d666a18615
Fix issue 3342
2022-08-10 07:52:50 +02:00
Nasreddine Bencherchali
b7e5e128c7
Update proc_creation_win_disable_service.yml
2022-08-09 18:42:39 +01:00
Nasreddine Bencherchali
b905df6bc7
Updates + New Rules
2022-08-09 18:35:45 +01:00
phantinuss
df4b8eadbf
fix: FP in testing
2022-08-09 18:34:53 +02:00
phantinuss
68a768f829
Merge pull request #3335 from nasbench/nasbench-rule-devel
Update Ntfs Short Name rule
2022-08-09 17:53:05 +02:00
Nasreddine Bencherchali
f5d0753167
Add extensions
2022-08-09 16:05:36 +01:00
frack113
f1eba85780
Add short name path
2022-08-07 08:37:58 +02:00
Nasreddine Bencherchali
be896d1013
rename rule
2022-08-06 18:43:59 +01:00
Nasreddine Bencherchali
3388b675ac
Create proc_creation_win_ntfs_short_name_use_image.yml
2022-08-06 18:43:33 +01:00
frack113
c38bfe86da
Add short path and Image
2022-08-06 11:25:44 +02:00
frack113
7553a98be0
Merge pull request #3328 from frack113/legacy_short_name
Add proc_creation_win_shortname_use.yml
2022-08-06 07:41:12 +02:00
Florian Roth
8041ab5130
Merge pull request #3325 from nasbench/nasbench-rule-devel
Update+New Rules
2022-08-05 23:42:09 +02:00
Nasreddine Bencherchali
b4472132a4
Fix after review
2022-08-05 18:40:12 +01:00
Nasreddine Bencherchali
f704feaf69
New Rules
2022-08-05 17:11:42 +01:00
Nasreddine Bencherchali
9ef9103368
Update PowerShell + other rules
2022-08-05 17:10:41 +01:00
frack113
cb5c245a3a
Add proc_creation_win_shortname_use.yml
2022-08-05 12:04:00 +02:00
Nasreddine Bencherchali
d259f9400e
Update
2022-08-05 10:18:07 +01:00
Florian Roth
d5f7de1314
Merge pull request #3324 from SigmaHQ/rule-devel
Suspicious IIS Registration, Plink refactoring, remove Github compromise rules
2022-08-05 09:39:41 +02:00
Nasreddine Bencherchali
07e55593c3
Update some registry rules
2022-08-05 00:39:32 +01:00
Nasreddine Bencherchali
23052b8b19
Update proc_creation_win_susp_copy_system32.yml
2022-08-04 19:43:36 +01:00
Nasreddine Bencherchali
751fbd7a2e
Update proc_creation_win_susp_calc.yml
2022-08-04 19:36:07 +01:00
Nasreddine Bencherchali
be40827c9b
Update proc_creation_win_susp_calc.yml
2022-08-04 19:28:28 +01:00
Nasreddine Bencherchali
307f9c6a35
New rules
2022-08-04 19:11:16 +01:00
Nasreddine Bencherchali
d6a2c13738
Update rules (desc, selection, logic)
2022-08-04 18:08:08 +01:00
Florian Roth
7b6e92afca
fix: attack tag
2022-08-04 18:51:44 +02:00
Nasreddine Bencherchali
fe2e279cfa
Add more comsvcs variations
Based on this https://twitter.com/Wietze/status/1542107456507203586
2022-08-04 16:18:51 +01:00
Nasreddine Bencherchali
6d66ed6267
Update description + Missing related field
2022-08-04 15:57:18 +01:00
Florian Roth
14dba5ba8b
refactor: plink usage / tunneling
2022-08-04 16:54:15 +02:00
Florian Roth
d535ff34b9
rule: Suspicious IIS module installation
2022-08-04 15:27:47 +02:00
Florian Roth
d46d89e403
Merge pull request #3315 from nasbench/nasbench-rule-devel
New Rules + Update
2022-08-04 13:34:26 +02:00
Nasreddine Bencherchali
0e133f7d58
Additional updates
2022-08-04 11:53:09 +01:00
Nasreddine Bencherchali
83451b3e6d
Update proc_creation_win_exfil_data_via_cli.yml
2022-08-04 10:58:56 +01:00
Nasreddine Bencherchali
8e08ff3060
Fix
2022-08-04 10:58:34 +01:00