security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,756 Commits 1 Branch 57 Tags
481b695eff3c73d6ebff418cfb01314088fa3df2
Commit Graph

672 Commits

Author SHA1 Message Date
IPv777 77a8ac59ef remove duplicate 2020-07-24 16:38:08 +02:00
Daniel Masse 13cf0488ae Add 'contains' for the ps encoded chars rule 2020-07-22 10:49:22 -04:00
Aidan Bracher ff3f9fe9b3 Updated tags 2020-07-18 03:02:43 +01:00
Aidan Bracher 4ffe9cb042 Updated tags with sub-techniques 2020-07-18 02:53:46 +01:00
Aidan Bracher 3bd768e49b Updated tags with sub-techniques 2020-07-18 02:52:15 +01:00
Aidan Bracher 1442812681 Updated tags 2020-07-18 02:44:53 +01:00
Aidan Bracher 30bd591c96 Update win_apt_ke3chang to include sub-techniques 2020-07-18 02:37:56 +01:00
Florian Roth 3025d6850c Merge pull request #932 from rtkdmasse/rule-selection-typos 
Change the selection from Command to CommandLine in a couple of rules
 2020-07-16 09:10:15 +02:00
Florian Roth b1de627e94 Update win_apt_zxshell.yml 2020-07-16 08:47:24 +02:00
Daniel Masse 0489a50bd0 Change the selection from Command to CommandLine in a couple of rules 2020-07-15 15:55:26 -04:00
Florian Roth 8f66803ddf Merge pull request #927 from Neo23x0/rule-devel 
improved CVE-2020-1350 rule
 2020-07-15 12:06:31 +02:00
Florian Roth 1c103a749f fix: more FPs based on feedback 
https://twitter.com/GossiTheDog/status/1283341486680166400
 2020-07-15 12:05:50 +02:00
Florian Roth c2eb110fca fix: more exact patterns 2020-07-15 11:56:11 +02:00
Florian Roth ae7fbb9245 fix: false positive filters based on SOC Prime's rule 2020-07-15 11:49:20 +02:00
Florian Roth e5a34a965c Merge pull request #926 from Neo23x0/rule-devel 
rule: CVE-2020-1350
 2020-07-15 11:19:07 +02:00
Florian Roth 80639afd43 rule: CVE-2020-1350 2020-07-15 11:03:31 +02:00
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel 
Live MITRE ATT&CK data from TAXI service in Test Scripts
 2020-07-14 18:15:29 +02:00
Florian Roth 38c29977ff Merge pull request #925 from Neo23x0/rule-devel 
fix: issue reported as https://github.com/Neo23x0/sigma/issues/923
 2020-07-14 18:14:51 +02:00
Florian Roth 741d42ce88 fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 2020-07-14 17:59:59 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00
Florian Roth 437a567e4f Merge pull request #917 from Neo23x0/rule-devel 
New Empire Rules and Updates
 2020-07-13 16:37:59 +02:00
Florian Roth 557e8b0faf rule: improved Empire detection 2020-07-13 15:47:53 +02:00
Florian Roth 7e8aa7b12b Merge pull request #915 from Neo23x0/rule-devel 
rule: regsvr32 flags anomaly
 2020-07-13 12:16:05 +02:00
Florian Roth 7a63fd56da rule: regsvr32 flags anomaly 2020-07-13 11:59:44 +02:00
Florian Roth 168952840b Merge pull request #910 from Neo23x0/rule-devel 
Rule devel
 2020-07-10 14:17:22 +02:00
Florian Roth 268a28daed rule: Evilnum Golden Chicken rule OCX 2020-07-10 13:02:52 +02:00
Florian Roth 7949729fa4 rule: PowerShell encoded character syntax 2020-07-09 08:52:32 +02:00
Thomas Patzke 3e17cc1900 Merge pull request #894 from caliskanfurkan/master 
ditsnap, a credential access tool used in ransomware attacks
 2020-07-07 23:21:36 +02:00
Furkan CALISKAN 8ef82e48eb ditsnap 2020-07-04 23:21:52 +03:00
Florian Roth 11517edbd7 rule: suspicious curl usage 2020-07-03 18:55:44 +02:00
Florian Roth c4267a4614 rule: suspicious curl file upload 2020-07-03 18:20:44 +02:00
Florian Roth 4d9e2e8c16 fix: trailing white space 2020-07-03 17:59:50 +02:00
Florian Roth 4dc818aafd fix: rar flags rule caused too many FPs 2020-07-03 13:20:24 +02:00
Florian Roth abf5f799d6 docs: more references 2020-07-03 13:19:44 +02:00
Florian Roth 5f04fcccf5 fix: broken links 2020-07-03 11:22:06 +02:00
Florian Roth 3111ab8396 refactor: new way to write that rule 2020-07-03 11:20:36 +02:00
Florian Roth d12b8347dc fix: bug in cmstp rule 
https://github.com/Neo23x0/sigma/issues/876
 2020-07-03 11:19:11 +02:00
Florian Roth 0bbf40fb14 refactor: include xcopy 2020-07-03 11:03:45 +02:00
Florian Roth 3bea08edfc refactor: copy from/to system32 rule 2020-07-03 10:56:26 +02:00
Florian Roth 34ea706e4f fix: typo in systemroot 2020-07-03 10:24:58 +02:00
Florian Roth 0fa1c1525b fix: missing copy command 2020-07-03 10:17:34 +02:00
Florian Roth 1f0b1e58a9 fix: bugs in rule and title 2020-07-03 09:54:10 +02:00
Florian Roth 01ed87186f Copy From System Root rule 2020-07-03 09:45:58 +02:00
Florian Roth 33fef8bcf5 DesktopImgDownLdr rules 2020-07-03 09:45:48 +02:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generlization 2020-07-01 10:58:39 +02:00
Florian Roth 154181c6c8 fix: renamed files and lien break change 2020-07-01 09:48:48 +02:00
Florian Roth d70b63b78c rule: RedMimicry rules (modified) 2020-07-01 09:17:31 +02:00
Florian Roth b7ac36e6ab Merge branch 'master' into rule-devel 2020-07-01 09:04:46 +02:00
Florian Roth f2587791f2 rule: suspicious rar flags 2020-07-01 09:04:26 +02:00
Florian Roth eb3a6e86af Merge pull request #867 from HarishHary/suspicious_powershell_parent_process 
New Rule: Suspicious powershell parent process
 2020-06-30 10:00:28 +02:00