github-actions[bot]
367ebd9395
Merge PR #4700 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
2024-02-01 02:09:31 +01:00
github-actions[bot]
c3fe2da997
chore: promote older rules status from experimental to test (#4651)
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-01-01 09:00:51 +01:00
github-actions[bot]
a6e7cce606
Merge PR #4533 from @nasbench - Promote experimental rules
chore: promote older rules status from `experimental` to `test`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-02 10:48:45 +01:00
Wagga
8bf3282194
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
update: Registry Persistence via Service in Safe Mode - Fix typo in title
chore: Fix multiple typos in metadata fields and comments
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-10-28 13:15:09 +02:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
frack113
020fc8061f
Merge PR #4479 From @frack113 - Upgrade Rules Status
chore: Upgrade status level from `experimental` to `test` for rules that have not changed in 300 days
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-10-17 14:35:26 +02:00
Mladia
a3f39d8fb6
Merge PR #4458 from @Mladia - Update Coverage
update: Linux Network Service Scanning - Auditd - Update coverage to add `ncat` and `nc.openbsd`
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-09-27 10:27:45 +02:00
Nasreddine Bencherchali
b34f098b0d
Update lnx_auditd_masquerading_crond.yml
2023-08-22 18:36:03 +02:00
Mladia
25d7fb85d4
Update lnx_auditd_masquerading_crond.yml
Adapting the rule so it corresponds to the linked atomic red scenario.
2023-08-01 12:35:34 +02:00
Nasreddine Bencherchali
8dca7aa1ba
feat: more updates
2023-07-28 14:32:57 +02:00
Nasreddine Bencherchali
d7f1e8c443
Update lnx_auditd_binary_padding.yml
2023-05-03 01:09:55 +02:00
fukusuket
78fe42f78c
refactor: use '|all' instead of using all of for a single selector.
2023-04-30 21:49:32 +09:00
Nasreddine Bencherchali
3d9372bef3
feat: new rules, updates and fp fixes (#4136)
2023-04-03 12:06:14 +02:00
iai-rsa
66f3c54b89
feat: new linux rules (#4095)
- Updated lnx_auditd_system_info_discovery.yml
- Added lnx_auditd_modify_system_firewall.yml
- Deprecated lnx_auditd_alter_bash_profile.yml and replaced by an enhanced version in lnx_auditd_unix_shell_configuration_modification.yml
2023-03-27 13:17:54 +02:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
frack113
cb67871bd2
Revert "Change status of old rules"
2023-01-26 19:37:18 +01:00
frack113
5323fd4baa
Change status of old rules
2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali
15757c2b7d
fix: remove tactic links
2023-01-10 19:20:31 +01:00
frack113
4023bf2c83
Remove mitre url
2023-01-10 18:09:04 +01:00
Nasreddine Bencherchali
7e73028c5e
feat: updates and enhancements
2023-01-06 16:35:34 +01:00
signalblur
73f56c2f0e
Hidden Linux Binary Execution (#3108)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-31 08:27:32 +01:00
Nasreddine Bencherchali
85aa0220d0
Merge pull request #3819 from blueteam0ps/master
lnx_auditd_debugfs_usage.yml
2022-12-27 16:57:22 +01:00
Nasreddine Bencherchali
0d2ddb4a9b
fix: small selection fix for clarity
2022-12-27 16:23:09 +01:00
Nasreddine Bencherchali
256d6a839e
fix: update condition
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 16:13:56 +01:00
Nasreddine Bencherchali
281dc11fc5
fix: remove correlation
2022-12-27 15:31:51 +01:00
frack113
7060db3d47
Promotion rules (#3821)
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
BlueTeamOps
1d8256fa69
Update lnx_auditd_debugfs_usage.yml
2022-12-25 09:47:19 +11:00
BlueTeamOps
81d8d1a5a7
replaced timeframe with timespan
2022-12-25 08:10:03 +11:00
BlueTeamOps
976d994cee
Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
BlueTeamOps
de84fbcd62
lnx_auditd_debugfs_usage.yml
2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali
57e51cca2a
fix: typo in near operator
2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali
120196b2fc
fix: resolve #2613
2022-12-21 10:33:31 +01:00
Nasreddine Bencherchali
c36acb333f
fix: typo in comment
2022-12-20 22:28:49 +01:00
Nasreddine Bencherchali
e72bc1dcaf
fix: add reference
2022-12-20 22:14:46 +01:00
Nasreddine Bencherchali
592e0062a1
fix: update condition and add new ref
2022-12-20 22:14:14 +01:00
zakibro
1a117d38e7
Update rules/linux/auditd/lnx_auditd_create_account.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-20 19:30:26 +01:00
zakibro
59e4dc3e1c
Modifying Creation Of A User Account
Added additional test for record type of ADD_USER which should be generated whether you have created an auditd rule or not.
2022-12-20 15:51:40 +01:00
frack113
646351808e
Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
jstnk9
647f6dc2ef
Update title (#3734)
2022-11-29 07:36:45 +01:00
frack113
c820216541
Update Title (#3733)
2022-11-28 06:43:17 +01:00
frack113
cd4121d966
Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
Nasreddine Bencherchali
ae149345b5
fix: fix #1972
2022-11-17 00:53:00 +01:00
frack113
11cb03181e
Order yaml field
2022-10-25 08:53:44 +02:00
frack113
cf7a348028
Fix related
2022-10-09 17:28:05 +02:00
frack113
931fb30853
old experimental rule promotion
2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali
88f10a5d39
Fix issues
2022-10-05 17:19:48 +02:00
nasreddine.bencherchali@nextron-systems.com
4fc62dee7c
Linux rules update
2022-09-16 09:22:57 +02:00
Wagga
4573ab0a21
Fix a lot of typos in rules text and comments #Part 3 (#3446)
2022-08-30 08:21:25 +02:00
frack113
823cf26633
Merge pull request #3356 from Zandmann/patch-3
Create BPF_Door_port_redirect.yml
2022-08-13 10:34:38 +02:00