security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
12,978 Commits 1 Branch 57 Tags
2ecf9ec7e16707513524c2f3c82fa471663cacad
Commit Graph

178 Commits

Author SHA1 Message Date
nasreddine.bencherchali@nextron-systems.com 4fc62dee7c Linux rules update 2022-09-16 09:22:57 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
frack113 823cf26633 Merge pull request #3356 from Zandmann/patch-3 
Create BPF_Door_port_redirect.yml
 2022-08-13 10:34:38 +02:00
Zandmann 1339317b16 Update lnx_auditd_bpfdoor_port_redirect.yml 2022-08-12 21:41:35 +02:00
Zandmann 5bc4b2de27 Update lnx_auditd_bpfdoor_file_accessed.yml 2022-08-12 21:39:11 +02:00
Zandmann 1d6199494d Update lnx_auditd_bpfdoor_port_redirect.yml 2022-08-11 19:51:48 +02:00
Zandmann a3dcc61eac Rename lnx_auditd_BPF_Door_port_redirect.yml to lnx_auditd_bpfdoor_port_redirect.yml 2022-08-11 19:34:43 +02:00
Zandmann 28ee157216 Rename lnx_auditd_BPFDoor_file_accessed.yml to lnx_auditd_bpfdoor_file_accessed.yml 2022-08-11 19:32:17 +02:00
Zandmann 35d69a5a4b Update and rename BPF_Door_port_redirect.yml to lnx_auditd_BPF_Door_port_redirect.yml 2022-08-11 19:04:17 +02:00
Zandmann f001d35c8b Update and rename BPFDoor_abnormal_process_id_or_lock_file_accessed.yml to lnx_auditd_BPFDoor_file_accessed.yml 2022-08-11 18:59:58 +02:00
Zandmann 327a2b7e7b Create BPF_Door_port_redirect.yml 
BPFDoor ports redirect for evasion
 2022-08-10 19:14:14 +02:00
Zandmann a1b9065a19 Create BPFDoor_abnormal_process_id_or_lock_file_accessed.yml 
detection for BPFDoor IoC files run from temporary file storage
 2022-08-10 19:12:35 +02:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
securepeacock ecdd32c462 Update lnx_auditd_hidden_files_directories.yml 
Fixing typo.
 2022-06-29 13:24:24 -04:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali 5bf7b49671 Renamed More Rules 2022-06-14 19:28:27 +01:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
zakibro 7a33aac1ed Update lnx_auditd_keylogging_with_pam_d.yml 
adding missing uuid
 2022-05-24 17:15:54 +02:00
zakibro 89d88288d6 New detection - Linux Keylogging 2022-05-24 17:05:38 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons 
also adapted the existing rules to pass the tests
 2022-05-09 16:07:55 +02:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
phantinuss 8d3f8acb60 fix: none --> Unknown 2022-03-16 14:19:21 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
Rafael Teixeira 09aa506059 Updated modified date 2022-02-22 12:48:41 -03:00
Rafael Teixeira 6ff13ddf68 Added root user files 2022-02-21 10:15:48 -03:00
frack113 ff9ecf395f Fix detection 2022-02-06 19:16:27 +01:00
zakibro d5257f9a05 Update lnx_auditd_systemd_service_creation.yml 
fixing logic
 2022-02-04 12:15:36 +01:00
Pawel Mazur fede3b1183 Auditd rule - Systemd Service Creation 2022-02-03 20:31:07 +01:00
zakibro c1c5ed0db7 Update lnx_auditd_cve_2021_4034.yml 2022-01-27 12:55:22 +01:00
zakibro bd9b5172cd Update lnx_auditd_cve_2021_4034.yml 2022-01-27 12:44:53 +01:00
Pawel Mazur c924977576 Adding auditd rule for CVE-2021-4034 2022-01-27 12:36:19 +01:00
Pawel Mazur bbdfb79bc0 Adding new linux auditd rule - Disable Dystem Firewall 2022-01-22 15:12:24 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
Florian Roth e055ec1d52 refactor: change all " of them" expressions 2022-01-11 10:59:57 +01:00
Pawel Mazur 6e43a294a2 Linux Auditd - Discovery of Capabilities files 2021-11-28 16:48:37 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Pawel Mazur 87f64e28fd Adding New Linux Auditd rule - Data Exfil with Wget 2021-11-18 18:03:17 +01:00
Florian Roth 645292d945 removed contributor, added to authors 2021-11-12 19:44:50 +01:00
Pawel Mazur 07a3e3e234 Making the Password Policy Discovery rule more resilient by adding detection for specific commands 2021-11-12 16:18:29 +01:00
frack113 c2ef681e86 fix modified 2021-11-11 10:26:08 +01:00
frack113 bd3358d33c Fix auditd field name 2021-11-11 10:13:48 +01:00
zakibro 30f13d41f5 Update lnx_auditd_load_module_insmod.yml 
fixing missing date
 2021-11-02 17:16:59 +01:00
Pawel Mazur dd7817917c Linux - Auditd - Loading of Kernel Module via Insmod rule 2021-11-02 17:04:39 +01:00
frack113 f8574fcd81 Add cve tags 2021-10-25 18:40:50 +02:00
Florian Roth 6c4e24d0de rule: coin miner param --cpu-priority 2021-10-09 10:28:16 +02:00
frack113 e666b7e1db Merge pull request #2116 from zakibro/master 
New Rule - Linux - Auditd - Clipboard Collection of Image Data with X…
 2021-10-02 11:06:24 +02:00
zakibro c2a26923c6 Update lnx_auditd_clipboard_image_collection.yml 2021-10-02 09:59:37 +02:00
zakibro d40b42fc2c Update lnx_auditd_clipboard_image_collection.yml 
fixing a typo
 2021-10-01 18:54:12 +02:00