security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,954 Commits 1 Branch 57 Tags
3413df8652d2e11fcd47465307a75243f2e88554
Commit Graph

9168 Commits

Author SHA1 Message Date
phantinuss 74aaeb6833 fix: FPs found in testing environment 2022-07-29 13:17:15 +02:00
Borna Talebi d5eafc49e2 Sysmon driver altitude change 2022-07-29 08:34:25 +02:00
Florian Roth 777d0f39a1 Merge pull request #3290 from pH-T/master 
new rule: browser remote debugging
 2022-07-28 21:11:26 +02:00
frack113 452e924c06 Add file_event_win_susp_double_extension 2022-07-28 20:51:36 +02:00
MikeDuddington 7072f62991 additional detections for Azure AD 2022-07-28 19:44:51 +02:00
Nasreddine Bencherchali dabc74af0c Qbot rules 2022-07-28 19:33:09 +02:00
Florian Roth 623a3a6430 Merge pull request #3288 from nasbench/avast-vuln-driver 
Avast vuln driver
 2022-07-28 17:41:30 +02:00
Florian Roth 28f8986f7a Merge pull request #3286 from nasbench/nasbench-rule-dev 
Update & Fixes
 2022-07-28 16:35:19 +02:00
Paul Hager 571e82ef3c new rules: browser remote debugging 2022-07-28 15:48:59 +02:00
Nasreddine Bencherchali 0d8dba5200 Update driver_load_susp_temp_use.yml 2022-07-28 12:40:30 +01:00
Nasreddine Bencherchali d4c0c79ee4 Create proc_creation_win_susp_new_kernel_driver_via_sc.yml 2022-07-28 12:40:26 +01:00
Nasreddine Bencherchali 2420c98959 Create driver_load_vuln_avast_anti_rootkit_driver.yml 2022-07-28 12:40:23 +01:00
Nasreddine Bencherchali 06ae038add Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 10:28:57 +01:00
frack113 4aed58b0b7 Persistence appx 2022-07-28 07:04:53 +02:00
MikeDuddington c0cb0d739b Create azure_guest_to_member.yml 2022-07-28 07:04:13 +02:00
Nasreddine Bencherchali bc5bc9fcdf Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:49:12 +01:00
Nasreddine Bencherchali 5b3b87581d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:41:53 +01:00
Nasreddine Bencherchali 0038ead60d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:39:33 +01:00
Nasreddine Bencherchali d2401304d4 Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:28:06 +01:00
Nasreddine Bencherchali df524d8592 Update 3 2022-07-28 01:05:04 +01:00
Nasreddine Bencherchali 9d958dbf94 Updates 2 2022-07-28 00:38:33 +01:00
Nasreddine Bencherchali d13cba8c4b Updates 2022-07-27 23:41:11 +01:00
Nasreddine Bencherchali ff6e991346 Delete duplicate rule + merge 2022-07-27 22:53:58 +01:00
Nasreddine Bencherchali 88e395aca4 Renamed SelectMyParent Rule 2022-07-27 22:43:49 +01:00
Tareq Alkhatib 416cc5f26b Typo Fix. Added additional reference 2022-07-27 10:27:46 -04:00
Florian Roth 1fcdeffada Merge pull request #3283 from Yaxxine7/master 
Replace commandline by parentcommandline and add fp
 2022-07-27 15:08:35 +02:00
Florian Roth 1b824982ed fix: wrong modifier 2022-07-27 14:58:27 +02:00
Florian Roth 9da0386119 make filter more generic 2022-07-27 14:58:02 +02:00
Florian Roth 30ad5d2c44 Merge pull request #3278 from frack113/fp_aurora 
file_access_win_browser_credential_stealing FP
 2022-07-27 14:56:30 +02:00
Florian Roth f5571b65af Merge pull request #3279 from SigmaHQ/rule-devel 
refactor: UACME Akagi
 2022-07-27 14:56:16 +02:00
Florian Roth 050e605cba Merge pull request #3281 from nasbench/nasbench-rule-dev 
Fix typos
 2022-07-27 14:56:04 +02:00
Yaxxine7 706a83868c Replace commandline by parentcommandline and add fp 2022-07-27 14:37:58 +02:00
phantinuss b40d9951c4 fix: FP found in testing 2022-07-27 14:18:29 +02:00
phantinuss dbfd439ce4 fix: too many FPs 
with e.g. =select-billing-address and many more
 2022-07-27 14:18:29 +02:00
Nasreddine Bencherchali f80d8a83da Fix typos 2022-07-27 12:52:51 +01:00
Florian Roth ff6cea7ae5 fix: another list with 1 element 2022-07-27 12:14:18 +02:00
Florian Roth b8700b7a72 fix: list with 1 element 2022-07-27 11:51:34 +02:00
phantinuss e7a4a71e33 Merge pull request #3280 from frack113/computerdefaults 
Update title
 2022-07-27 11:24:24 +02:00
phantinuss 0bd33e9944 add UACMe reference Id 2022-07-27 11:13:48 +02:00
frack113 884b2fc3b7 Update title 2022-07-27 11:08:55 +02:00
Florian Roth 4b326181a8 Merge pull request #3255 from Corissalea/master 
Adding CA Policy Removed Sec Ops Rule
 2022-07-27 10:59:29 +02:00
Florian Roth 994d81162f refactor: UACME Akagi 2022-07-27 10:59:15 +02:00
frack113 90b505a275 System FP 2022-07-27 10:52:08 +02:00
Florian Roth 29ab0cda08 Update azure_aad_secops_ca_policy_updatedby_bad_actor.yml 2022-07-27 10:43:44 +02:00
Florian Roth 9f65836403 Update azure_aad_secops_ca_policy_removedby_bad_actor.yml 2022-07-27 10:43:27 +02:00
Florian Roth 57c87e16cf fix: wrong fields 2022-07-27 10:34:11 +02:00
Florian Roth 48d1a0bccc Merge pull request #3276 from frack113/aurora_fp 
Aurora fp
 2022-07-27 09:05:15 +02:00
Florian Roth 31ff352d6b Merge pull request #3277 from SigmaHQ/rule-devel 
refactor: driver loads, docs: description change
 2022-07-27 09:04:34 +02:00
Florian Roth 27061cd0ac refactor: windivert driver load update 2022-07-27 08:58:46 +02:00
Florian Roth c2ea6079e7 refactor: Dell driver refactoring 2022-07-27 08:52:40 +02:00