Commit Graph

3349 Commits

Author SHA1 Message Date
Florian Roth 777d0f39a1 Merge pull request #3290 from pH-T/master (new rule: browser remote debugging) 2022-07-28 21:11:26 +02:00
Nasreddine Bencherchali dabc74af0c Qbot rules 2022-07-28 19:33:09 +02:00
Florian Roth 623a3a6430 Merge pull request #3288 from nasbench/avast-vuln-driver (Avast vuln driver) 2022-07-28 17:41:30 +02:00
Paul Hager 571e82ef3c new rules: browser remote debugging 2022-07-28 15:48:59 +02:00
Nasreddine Bencherchali d4c0c79ee4 Create proc_creation_win_susp_new_kernel_driver_via_sc.yml 2022-07-28 12:40:26 +01:00
Nasreddine Bencherchali 06ae038add Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 10:28:57 +01:00
Nasreddine Bencherchali bc5bc9fcdf Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:49:12 +01:00
Nasreddine Bencherchali 5b3b87581d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:41:53 +01:00
Nasreddine Bencherchali 0038ead60d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:39:33 +01:00
Nasreddine Bencherchali d2401304d4 Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:28:06 +01:00
Nasreddine Bencherchali df524d8592 Update 3 2022-07-28 01:05:04 +01:00
Nasreddine Bencherchali 9d958dbf94 Updates 2 2022-07-28 00:38:33 +01:00
Nasreddine Bencherchali d13cba8c4b Updates 2022-07-27 23:41:11 +01:00
Nasreddine Bencherchali ff6e991346 Delete duplicate rule + merge 2022-07-27 22:53:58 +01:00
Nasreddine Bencherchali 88e395aca4 Renamed SelectMyParent Rule 2022-07-27 22:43:49 +01:00
Tareq Alkhatib 416cc5f26b Typo Fix. Added additional reference 2022-07-27 10:27:46 -04:00
Florian Roth 1fcdeffada Merge pull request #3283 from Yaxxine7/master (Replace commandline by parentcommandline and add fp) 2022-07-27 15:08:35 +02:00
Florian Roth 1b824982ed fix: wrong modifier 2022-07-27 14:58:27 +02:00
Florian Roth 9da0386119 make filter more generic 2022-07-27 14:58:02 +02:00
Florian Roth f5571b65af Merge pull request #3279 from SigmaHQ/rule-devel (refactor: UACME Akagi) 2022-07-27 14:56:16 +02:00
Yaxxine7 706a83868c Replace commandline by parentcommandline and add fp 2022-07-27 14:37:58 +02:00
Nasreddine Bencherchali f80d8a83da Fix typos 2022-07-27 12:52:51 +01:00
Florian Roth ff6cea7ae5 fix: another list with 1 element 2022-07-27 12:14:18 +02:00
Florian Roth b8700b7a72 fix: list with 1 element 2022-07-27 11:51:34 +02:00
phantinuss 0bd33e9944 add UACMe reference Id 2022-07-27 11:13:48 +02:00
frack113 884b2fc3b7 Update title 2022-07-27 11:08:55 +02:00
Florian Roth 994d81162f refactor: UACME Akagi 2022-07-27 10:59:15 +02:00
frack113 bbf07649b1 MS Update FP 2022-07-27 08:09:11 +02:00
Florian Roth 70d84f972c Merge pull request #3272 from redsand/fp_manage_engine_elastic (False positive when running Manage Engine and elastic) 2022-07-26 18:24:45 +02:00
Tim Shelton fb95703685 False positive when running Manage Engine and elastic 2022-07-25 21:33:39 +00:00
Florian Roth add077b8f5 Merge pull request #3270 from nasbench/nasbench-rule-dev (Rule Update) 2022-07-25 19:03:41 +02:00
Nasreddine Bencherchali 38543ff5d9 Update proc_creation_win_lolbin_winword.yml 2022-07-25 17:53:23 +01:00
Florian Roth e170be9f45 Merge pull request #3269 from nasbench/windowsTerminal-persistence (WindowsTerminal Rule) 2022-07-25 18:26:20 +02:00
Nasreddine Bencherchali 236587ee7a Rule Update 2022-07-25 16:50:19 +01:00
Nasreddine Bencherchali f897cae1b0 Create proc_creation_win_windows_terminal_susp_children.yml 2022-07-25 15:54:21 +01:00
Florian Roth 4af35c6794 Merge pull request #3263 from RomaissaAdjailia/master (Suspicious processes Started From PSExec service) 2022-07-25 07:50:52 +02:00
Florian Roth b1c1650897 Merge pull request #3265 from nasbench/pdq-deploy (PDQDeploy Rules) 2022-07-23 15:23:23 +02:00
Nasreddine Bencherchali e7951c26fd Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 13:04:27 +01:00
Nasreddine Bencherchali 2b96def495 Add more stuff 2022-07-23 13:03:56 +01:00
Florian Roth 402f171a89 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 12:08:29 +02:00
Florian Roth 6d537dbdd5 refactor: new PSEXEC related rule ideas 2022-07-23 11:27:29 +02:00
Florian Roth 06dac9f4a1 Update proc_creation_suspicious_process_started_from_psexec.yml 2022-07-23 11:01:21 +02:00
Florian Roth 6a3bfb57c0 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-23 10:45:36 +02:00
Florian Roth 5833e636d8 rule: process id spoofers 2022-07-23 10:37:57 +02:00
Nasreddine Bencherchali d348e17fd9 Update proc_creation_win_pdqdeploy_runner_susp_children.yml 2022-07-22 23:55:21 +01:00
Nasreddine Bencherchali 075906dbc2 PDQDeploy Rules 2022-07-22 23:52:34 +01:00
ROMAISSA Adjailia 1b52ff43af Update proc_creation_suspicious_process_started_from_psexec.yml 2022-07-22 23:26:53 +01:00
Florian Roth 8f36f332fc Merge pull request #3264 from nasbench/persistence-methods (New Persistence Rules) 2022-07-22 10:01:46 +02:00
Nasreddine Bencherchali f1673d13a6 Update proc_creation_win_susp_psexex_paexec_escalate_system.yml 2022-07-21 21:24:16 +01:00
Nasreddine Bencherchali 4e9e5450eb Update proc_creation_win_susp_psexex_paexec_escalate_system.yml 2022-07-21 21:20:25 +01:00