Commit Graph

9113 Commits

Author SHA1 Message Date
Florian Roth 31ff352d6b Merge pull request #3277 from SigmaHQ/rule-devel
refactor: driver loads, docs: description change
2022-07-27 09:04:34 +02:00
Florian Roth 27061cd0ac refactor: windivert driver load update 2022-07-27 08:58:46 +02:00
Florian Roth c2ea6079e7 refactor: Dell driver refactoring 2022-07-27 08:52:40 +02:00
Florian Roth df8da70eb4 docs: description change 2022-07-27 08:48:44 +02:00
Florian Roth 591f715db6 Merge pull request #3275 from SigmaHQ/rule-devel
refactor: vulnerable driver loads
2022-07-26 18:25:05 +02:00
Florian Roth 70d84f972c Merge pull request #3272 from redsand/fp_manage_engine_elastic
False positive when running ManageEngine and Elastic
2022-07-26 18:24:45 +02:00
Florian Roth 108bffa1ad Merge pull request #3274 from pH-T/master
new rules: lnx susp shell exec
2022-07-26 18:24:26 +02:00
Florian Roth 324513c90e refactor: vulnerable driver loads 2022-07-26 18:09:52 +02:00
Florian Roth 3895bdbed1 Merge pull request #3273 from SigmaHQ/rule-devel
Vulnerable Driver Loads - Update
2022-07-26 17:52:17 +02:00
Paul Hager ecf12bf6af new rules: lnx susp shell exec 2022-07-26 16:40:12 +02:00
Florian Roth 66679ce315 refactor: imphash winring0 2022-07-26 15:01:28 +02:00
Florian Roth da1ad54a41 refactor: vulnerable driver loads 2022-07-26 14:56:28 +02:00
Tim Shelton fb95703685 False positive when running ManageEngine and Elastic 2022-07-25 21:33:39 +00:00
Florian Roth add077b8f5 Merge pull request #3270 from nasbench/nasbench-rule-dev
Rule Update
2022-07-25 19:03:41 +02:00
Nasreddine Bencherchali 38543ff5d9 Update proc_creation_win_lolbin_winword.yml 2022-07-25 17:53:23 +01:00
Florian Roth e170be9f45 Merge pull request #3269 from nasbench/windowsTerminal-persistence
WindowsTerminal Rule
2022-07-25 18:26:20 +02:00
Nasreddine Bencherchali 236587ee7a Rule Update 2022-07-25 16:50:19 +01:00
Nasreddine Bencherchali f897cae1b0 Create proc_creation_win_windows_terminal_susp_children.yml 2022-07-25 15:54:21 +01:00
Nasreddine Bencherchali 524ea4bfeb Fix typo 2022-07-25 11:12:00 +01:00
Florian Roth e1afd68f40 docs: wording 2022-07-25 10:22:36 +02:00
Florian Roth 7d875ed05c Merge pull request #3267 from SigmaHQ/rule-devel
rule: vulnerable gigabyte driver load
2022-07-25 10:21:34 +02:00
Florian Roth 2cbdd50927 rule: vulnerable gigabyte driver load 2022-07-25 10:08:05 +02:00
Florian Roth 4af35c6794 Merge pull request #3263 from RomaissaAdjailia/master
Suspicious processes started from PSExec service
2022-07-25 07:50:52 +02:00
Florian Roth b1c1650897 Merge pull request #3265 from nasbench/pdq-deploy
PDQDeploy Rules
2022-07-23 15:23:23 +02:00
Nasreddine Bencherchali e7951c26fd Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 13:04:27 +01:00
Nasreddine Bencherchali 2b96def495 Add more stuff 2022-07-23 13:03:56 +01:00
Florian Roth 402f171a89 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 12:08:29 +02:00
Florian Roth 70b352f05f Merge pull request #3266 from SigmaHQ/rule-devel
PPID spoofing tools, improved other rule
2022-07-23 11:28:22 +02:00
Florian Roth 6d537dbdd5 refactor: new PSEXEC related rule ideas 2022-07-23 11:27:29 +02:00
Florian Roth 06dac9f4a1 Update proc_creation_suspicious_process_started_from_psexec.yml 2022-07-23 11:01:21 +02:00
Florian Roth 6a3bfb57c0 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 10:45:36 +02:00
Florian Roth 5833e636d8 rule: process id spoofers 2022-07-23 10:37:57 +02:00
Nasreddine Bencherchali d348e17fd9 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-22 23:55:21 +01:00
Nasreddine Bencherchali 075906dbc2 PDQDeploy Rules 2022-07-22 23:52:34 +01:00
ROMAISSA Adjailia 1b52ff43af Update proc_creation_suspicious_process_started_from_psexec.yml 2022-07-22 23:26:53 +01:00
Florian Roth ff6384aabb Merge pull request #3262 from redsand/improvement_add_additional_useragent
Feature improvement to add an additional known user agent seen in the…
2022-07-22 21:07:03 +02:00
Florian Roth c79715049d refactor: improved susp com rule 2022-07-22 12:47:54 +02:00
Florian Roth 8f36f332fc Merge pull request #3264 from nasbench/persistence-methods
New Persistence Rules
2022-07-22 10:01:46 +02:00
Florian Roth d31c47e79a exclude changes by legitimate programs 2022-07-22 08:15:42 +02:00
Florian Roth 5cd2eaff99 Merge pull request #3260 from greg-workspace/master
Detect RipZip attack
2022-07-22 08:12:41 +02:00
Nasreddine Bencherchali eaa8167052 Fix FP 2022-07-21 22:23:11 +01:00
Nasreddine Bencherchali 2d28590ec3 Update registry_set_sip_persistence.yml 2022-07-21 21:50:46 +01:00
Nasreddine Bencherchali 16bcfd1c8b Fix FP 2022-07-21 21:46:34 +01:00
Nasreddine Bencherchali 4fa86ca772 Update registry_set_mpnotify_persistence.yml 2022-07-21 21:25:14 +01:00
Nasreddine Bencherchali f1673d13a6 Update proc_creation_win_susp_psexex_paexec_escalate_system.yml 2022-07-21 21:24:16 +01:00
Nasreddine Bencherchali ee2dd212a7 Update registry_set_ifilter_persistence.yml 2022-07-21 21:22:53 +01:00
Nasreddine Bencherchali 4e9e5450eb Update proc_creation_win_susp_psexex_paexec_escalate_system.yml 2022-07-21 21:20:25 +01:00
Nasreddine Bencherchali a949fecb1c Persistence Rules 2022-07-21 21:13:10 +01:00
RomaissaAdjailia 3b91308d16 update 2022-07-21 20:34:18 +01:00
Florian Roth f71504fb3f Merge pull request #3261 from SigmaHQ/rule-devel
Some rule improvements
2022-07-21 21:34:09 +02:00