security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,527 Commits 1 Branch 57 Tags
35dabc529cd9b4b46ff7dca0f13d3be552c3d598
Commit Graph

4370 Commits

Author SHA1 Message Date
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
phantinuss 32c89da010 fix: FPs in testing environment 2023-01-25 16:23:10 +01:00
frack113 f7b159350d Merge pull request #3954 from nasbench/nasbench-rule-devel 
feat: updates and enhancements
 2023-01-25 13:21:44 +01:00
Nasreddine Bencherchali 9e2c01521a fix: broken condition 2023-01-24 16:54:15 +01:00
Nasreddine Bencherchali 9a03e4e13d fix: fp found in testing 2023-01-24 16:51:37 +01:00
Nasreddine Bencherchali d7bf5383a4 feat: update wsl related rules and other 2023-01-24 16:50:53 +01:00
phantinuss a41a374901 fix: FPs found in testing environment 2023-01-24 10:30:43 +01:00
Nasreddine Bencherchali fb1dcc1340 Merge pull request #3950 from nasbench/nasbench-rule-devel 
feat: updates and new rules
 2023-01-23 14:03:43 +01:00
Nasreddine Bencherchali e3f7feeb65 fix: update description 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-01-23 13:38:23 +01:00
phantinuss 628f616dbe fix: sharpen regex to not match default windows rundll32 usage 2023-01-23 12:57:50 +01:00
Nasreddine Bencherchali 58fbe4a100 feat: update wsl lolbin 2023-01-23 01:05:28 +01:00
Nasreddine Bencherchali 2f6161619b fix: add missing filter 2023-01-22 23:45:22 +01:00
Nasreddine Bencherchali 47fa1dff54 fix: fp with iissetup 2023-01-22 23:41:56 +01:00
Nasreddine Bencherchali f2cf68cf14 fix: broken condition 2023-01-22 23:32:14 +01:00
Nasreddine Bencherchali 1c2b6f40a6 feat: updates and new rules 2023-01-22 23:31:02 +01:00
frack113 f25ad0f1a3 Merge pull request #3949 from frack113/import_module_dll 
Import module dll
 2023-01-22 20:54:00 +01:00
Nasreddine Bencherchali c9b230de6d feat: update pwsh ad module rules 2023-01-22 20:07:42 +01:00
frack113 40592f463f Add Microsoft.ActiveDirectory.Management.dll 2023-01-22 19:34:09 +01:00
frack113 75c01db53b Add import_module dll 2023-01-22 17:38:59 +01:00
Florian Roth a11051447e Merge pull request #3948 from SigmaHQ/rule-devel 
doc: adding another reference
 2023-01-22 11:18:59 +01:00
Florian Roth e95f0d03b4 doc: adding another reference 2023-01-22 11:03:59 +01:00
Florian Roth 1820b04917 Merge pull request #3947 from SigmaHQ/rule-devel 
docs: authors extended
 2023-01-22 11:02:31 +01:00
Florian Roth f2d633ad1a docs: authors extended 2023-01-22 10:57:11 +01:00
Florian Roth 9739cb1c69 Merge pull request #3946 from SigmaHQ/rule-devel 
rule: susp svchost sub process
 2023-01-22 10:32:06 +01:00
Nasreddine Bencherchali f1c9112413 fix: update filename 2023-01-22 01:04:27 +01:00
Nasreddine Bencherchali a530e7ad36 fix: add more detail 2023-01-22 01:00:55 +01:00
Florian Roth 52a4985dce rule: susp svchost sub process 2023-01-21 23:45:22 +01:00
Nasreddine Bencherchali ecaf89dd91 fix: fp with powercat 2023-01-21 18:15:37 +01:00
frack113 63045048e3 Merge pull request #3910 from cyb3rjy0t/patch-3 
ADS stored DLL execution using Rundll32
 2023-01-21 13:24:22 +01:00
Nasreddine Bencherchali 585f3a2f36 fix: update regex 2023-01-21 13:02:11 +01:00
Nasreddine Bencherchali 72fe5040f9 Merge pull request #3944 from nasbench/nasbench-rule-devel 
feat: new rules and fp fixes
 2023-01-21 12:46:46 +01:00
Nasreddine Bencherchali dfdc232f55 fix: optimize "Invoke-Sharp" coverage 2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali 9f3537498c fix: remove net 2023-01-21 11:28:27 +01:00
Nasreddine Bencherchali 2ad9d65f75 fix: filter and add missing modified 2023-01-21 11:26:13 +01:00
Nasreddine Bencherchali 933cd0df7d fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-21 11:23:17 +01:00
Florian Roth 9aeb191999 Merge branch 'master' into rule-devel 2023-01-21 08:55:12 +01:00
Florian Roth 8c14f9cddb Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2023-01-21 08:55:06 +01:00
Florian Roth 18600eaef4 refactor: extended some exploitation rules - sub procs 
https://twitter.com/skept1kal/status/1616647571904020481
 2023-01-21 08:55:04 +01:00
Nasreddine Bencherchali ea536c33b3 feat: update and merge some pwsh rules 2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali a98698f6a8 fix: apply suggestions from code review 2023-01-20 10:04:48 +01:00
Nasreddine Bencherchali bfcbc1adbc Merge pull request #3937 from nasbench/nasbench-rule-devel 
feat: fp fixes and enhancements
 2023-01-20 10:03:54 +01:00
Nasreddine Bencherchali f9aa98b438 Merge pull request #3939 from tropChaud/patch-2 
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to pro…
 2023-01-20 10:03:40 +01:00
frack113 6de42e0996 Update proc_creation_win_sqlite_firefox_gecko_profile_data.yml 2023-01-20 09:57:09 +01:00
Nasreddine Bencherchali 4d44aa01dd fix: update description 2023-01-20 09:51:26 +01:00
Nasreddine Bencherchali 51b5f6883b fix: update description 2023-01-20 09:51:15 +01:00
Nasreddine Bencherchali 6d6721ba24 fix: reposition selection for readability 2023-01-20 09:46:24 +01:00
IntelScott 8a0cc0880d Update and rename proc_creation_win_sqlite_firefox_cookies.yml to proc_creation_win_sqlite_firefox_gecko_profile_data.yml 
Updated logic to expand database file coverage

Updated description to clarify this logic applies to other Gecko-based browsers too, as targeted recently by some stealers
 2023-01-19 17:55:12 -05:00
IntelScott 0630d0d01f Update and rename proc_creation_win_sqlite_chrome_cookies.yml to proc_creation_win_sqlite_chromium_profile_data.yml 
Updated to expand browser and database file coverage
 2023-01-19 17:52:30 -05:00