Commit Graph

4304 Commits

Author SHA1 Message Date
Cyb3rEng 470d64e66c Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:28:34 -06:00
Cyb3rEng e0e1396dff Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:26:44 -06:00
Cyb3rEng e7c7e4c061 Updated Rule
Detection changed to #useful_information
2021-08-31 22:24:28 -06:00
Cyb3rEng f2b8b83fe3 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:23:45 -06:00
Cyb3rEng 0d2257fb19 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:22:01 -06:00
Cyb3rEng 1b9a0c4a01 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:20:17 -06:00
Cyb3rEng c5507658c0 Updated Rule
updated title
2021-08-31 22:13:31 -06:00
Cyb3rEng d309784e58 Updated Rule
Modified Title
2021-08-31 22:12:34 -06:00
Cyb3rEng 93334878f5 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
2021-08-31 22:09:57 -06:00
Cyb3rEng 785fc98ee3 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 22:05:10 -06:00
Cyb3rEng d5f73a8910 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 22:03:31 -06:00
Cyb3rEng fa3b882fdc Updated Rule
Removed " " from falsepositives section
2021-08-31 21:58:50 -06:00
Cyb3rEng c7c49c55d2 Updated Rule
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:58:09 -06:00
Cyb3rEng d5fa226180 Updated Rule
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:54:32 -06:00
Cyb3rEng 900f71e6b2 Rule Update Review
Completed the following updates on the rule:
- Modified the title
- incremented 4 spaces for references and tags
- updated false positives
- updated author
- updated description in detection section.
- Removed the service: Sysmon, updated selection1.
2021-08-31 21:50:44 -06:00
Cyb3rEng e913032865 Add files via upload 2021-08-30 21:50:16 -06:00
Cyb3rEng 6c9b2a2f37 Add files via upload 2021-08-30 21:48:03 -06:00
Cyb3rEng 5508ff45b6 Add files via upload 2021-08-30 21:47:36 -06:00
Florian Roth 36a227796a Merge pull request #1945 from SigmaHQ/rule-devel
rules: cobalt strike rules refactored
2021-08-30 15:48:01 +02:00
Florian Roth 98de92ceaf refactor: global rule match on system and security 2021-08-30 15:17:53 +02:00
Florian Roth 1ded4eb913 rules: cobalt strike rules refactored 2021-08-30 15:10:30 +02:00
frack113 4c414b2e8b fix Base backend doesn't support multiple conditions (33) 2021-08-29 08:52:54 +02:00
frack113 970dfa2f92 Merge pull request #1938 from EvanYu0816/upstream-fixes
Fix Pass the Hash and NotPetya Ransomware rule
2021-08-28 21:02:04 +02:00
frack113 a7456d4d6c Merge pull request #1940 from frack113/fix_ps_fp
PowerShell correction
2021-08-28 20:48:07 +02:00
frack113 3e355c64db Merge pull request #1939 from SigmaHQ/rule-devel
rule: UAC bypass by mocking dirs
2021-08-28 20:47:27 +02:00
frack113 68237dffc4 fix HostApplication 2021-08-28 08:18:47 +02:00
frack113 ef6e0c5a4c Fix error and FP 2021-08-28 08:02:16 +02:00
Florian Roth f78225c394 rule: UAC bypass by mocking dirs 2021-08-27 18:12:21 +02:00
Evan Yu 178d82e9cd Fix NotPetya Ransomware rule 2021-08-27 11:53:50 -04:00
Evan Yu 8bdd3e3987 Simplify Pass the Hash rule 2021-08-27 11:53:28 -04:00
frack113 ff37a49dc0 Merge pull request #1930 from SigmaHQ/rule-devel
fix: FPs with whoami rule and 4688 event IDs without parent info
2021-08-27 06:27:30 +02:00
Roberto Rodriguez f05cf20b12 Merge branch 'master' into feature/AADHealth-Agent-HybridADFSServices 2021-08-26 16:12:38 -04:00
Roberto Rodriguez f98970ef06 adding basic rules to detect behavior around AAD health agents and AAD Hybrid Health AD FS services in Azure 2021-08-26 16:10:42 -04:00
frack113 a6149462d8 Merge pull request #1931 from phantinuss/master
More malleable CobaltStrike C2 profiles from new source/reference
2021-08-26 17:18:19 +02:00
frack113 59000b993d Merge pull request #1932 from mlp1515/french_user
Add French user
2021-08-26 17:12:39 +02:00
phantinuss e59b8e1e3e add applicable pipe names from regex rule 2021-08-26 14:53:20 +02:00
mlp1515 cce7cfc79a Update win_tool_psexec.yml
French language settings
2021-08-26 12:51:45 +00:00
mlp1515 e1aa82b412 Update win_susp_tscon_localsystem.yml
French language settings
2021-08-26 12:50:24 +00:00
mlp1515 e9ed5f592c Update sysmon_always_install_elevated_windows_installer.yml
French language settings
2021-08-26 12:48:59 +00:00
mlp1515 4f49f03460 Update sysmon_abusing_debug_privilege.yml
French language settings
2021-08-26 12:46:15 +00:00
mlp1515 a31422db74 Update win_susp_schtask_creation.yml
French language settings
2021-08-26 12:45:24 +00:00
mlp1515 5f419d6f35 Update win_susp_taskmgr_localsystem.yml
French language settings
2021-08-26 12:44:35 +00:00
mlp1515 5545403a9b Update win_whoami_as_system.yml
French language settings
2021-08-26 12:43:33 +00:00
mlp1515 7ad927f28e Update win_wmiprvse_spawning_process.yml
French language settings
2021-08-26 12:42:47 +00:00
mlp1515 644397e65c Update win_exploit_cve_2019_1388.yml
French language settings
2021-08-26 12:41:36 +00:00
phantinuss dc19268583 remove because of possible conflict
with a legitimate tool (https://labs.nettitude.com/blog/cve-2017-16245-cve-2017-16246-avecto-defendpoint-multiple-vulnerabilities/)
2021-08-26 14:25:12 +02:00
Florian Roth 6c7d355ef5 Try to add more pipe names to this non-regex rule 2021-08-26 14:00:57 +02:00
Florian Roth 2d36d62e88 Merge pull request #1928 from frack113/fix_name_case
fix file name case
2021-08-26 13:55:12 +02:00
Florian Roth 24d8701f15 fix: null cannot be used in a list with other values 2021-08-26 13:54:18 +02:00
Florian Roth a231aa73b3 fix: FPs with whoami rule and 4688 event IDs without parent info 2021-08-26 13:33:25 +02:00