security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,444 Commits 1 Branch 57 Tags
496d1b6a2a4ec01be0ff4e154dff49ef25bee36d
Commit Graph

13444 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
phantinuss 496d1b6a2a fix: add bcedit filter and sort selection 2022-11-07 13:37:11 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Florian Roth d254c7a514 Update rules/windows/network_connection/net_connection_win_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:17 +01:00
Florian Roth ffbaee0c56 Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:12 +01:00
Florian Roth f27466ef2b Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-04 10:49:01 +01:00
Florian Roth 4fcac3089d Rule: Ngrok tunnel LNX 2022-11-03 17:41:23 +01:00
Florian Roth e6278f839b Rule: Ngrok Tunnel Target 2022-11-03 17:38:53 +01:00
Nasreddine Bencherchali 117d400c49 Deprecate 82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719 2022-11-03 13:42:45 +01:00
Nasreddine Bencherchali d86c05643b Deprecate dca91cfd-d7ab-4c66-8da7-ee57d487b35b 2022-11-03 13:41:40 +01:00
Nasreddine Bencherchali bd30f75335 Update proc_access_win_in_memory_assembly_execution.yml 2022-11-03 11:19:09 +01:00
Nasreddine Bencherchali 3b4f41d588 Update proc_creation_win_susp_run_folder.yml 2022-11-03 11:16:03 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
Florian Roth 1d37ec5f74 Merge pull request #3667 from nasbench/kes-rules 
KES Rule
 2022-11-02 08:17:47 +01:00
Nasreddine Bencherchali e423c92d3f Update proc_creation_win_lolbin_kavremover.yml 2022-11-01 19:01:40 +01:00
Florian Roth cc9ab8d1fd Merge pull request #3662 from securepeacock/patch-32 
Update lnx_shell_priv_esc_prep.yml
 2022-11-01 18:57:48 +01:00
Florian Roth 5e9083261a Merge pull request #3665 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-01 18:57:31 +01:00
phantinuss 29a5c62784 Merge pull request #3669 from phantinuss/master 
fix: new FPs found in testing environment
 2022-11-01 16:34:00 +01:00
phantinuss c8a4638c15 Merge pull request #3663 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-11-01 16:23:48 +01:00
phantinuss 97d5255c2e fix: new FPs found in testing environment 2022-11-01 16:19:14 +01:00
Florian Roth b00966d79d fix: dysfunctional renamed adfind rule 2022-11-01 14:58:02 +01:00
phantinuss 8c209f0ed1 Update lnx_shell_priv_esc_prep.yml 2022-11-01 12:32:46 +01:00
phantinuss 0165f9b05b Merge pull request #3664 from frack113/DeleteShadowCopies 
Add image_load_susp_vss_dll_load
 2022-11-01 12:32:04 +01:00
phantinuss 0db8a8b54d Merge pull request #3666 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-01 12:30:20 +01:00
Nasreddine Bencherchali 0fbbd96c41 Create proc_creation_win_lolbin_kavremover.yml 2022-11-01 11:23:57 +01:00
Nasreddine Bencherchali 4bdc286a02 Update rules/windows/image_load/image_load_susp_python_image_load.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-01 11:10:07 +01:00
phantinuss b04f8c3db0 fix: description 2022-11-01 10:53:37 +01:00
Nasreddine Bencherchali 7dbc88385c Update rules/windows/process_creation/proc_creation_win_susp_regsvr32_image.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-01 10:31:50 +01:00
Nasreddine Bencherchali 137608773b Update proc_creation_win_susp_guid_task_name.yml 2022-11-01 10:22:26 +01:00
Florian Roth d209219192 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 09:55:44 +01:00
phantinuss efbe16afe3 fix: use all filter selections 2022-11-01 09:08:25 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
Florian Roth 850d0edf80 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 00:16:17 +01:00
Nasreddine Bencherchali a936332a1c Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 21:06:15 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali 97d927a637 Add more lolbins 2022-10-31 20:57:57 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali e8f10733e0 Add browsers 2022-10-31 20:57:22 +01:00
Nasreddine Bencherchali a6445a9051 Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 20:56:44 +01:00
Nasreddine Bencherchali 36b9716b27 Update proc_creation_win_esentutl_webcache.yml 2022-10-31 20:56:29 +01:00
frack113 bb94f814af Update image_load_susp_vss_ps_load.yml 2022-10-31 20:24:22 +01:00
frack113 2469d525c1 Update image_load_susp_vss_dll_load.yml 2022-10-31 20:17:15 +01:00
frack113 5d3275aaca Merge branch 'master' into DeleteShadowCopies 2022-10-31 19:43:23 +01:00
frack113 a1fef566bd update filter image 2022-10-31 19:40:07 +01:00
frack113 f27ddc8a0f Update rules/windows/image_load/image_load_susp_vss_dll_load.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-10-31 19:33:13 +01:00
frack113 20ef4b880c Exclude SetupFrontEnd.exe 2022-10-31 18:49:53 +01:00
frack113 92ffbff5dc Add image_load_susp_vss_dll_load 2022-10-31 18:40:46 +01:00
Florian Roth ce750aba9c fix: wrong condition 2022-10-31 17:38:04 +01:00
Florian Roth 1bff9dc013 Merge branch 'master' into rule-devel 2022-10-31 15:55:35 +01:00
Florian Roth 493144a3b3 Racoon stealer UAs 2022-10-31 15:55:28 +01:00