security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,271 Commits 1 Branch 57 Tags
4b8f70fb97e497660da32f25d122cd51ec637cc2
Commit Graph

15271 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dan21san 4b8f70fb97 feat: add new rules related to linux reverse shells (#4166) 2023-04-25 11:03:11 +02:00
erickatwork 91bc015216 feat: update description ECS TASK DEF rule (#4181) 2023-04-25 11:00:24 +02:00
phantinuss 0e7d782776 Merge pull request #4196 from nasbench/nash-rule-dev 
feat: small updates
 2023-04-25 09:04:02 +02:00
phantinuss 7188e83ccb Merge pull request #4195 from swachchhanda000/master 
Modified rule to detect every possible way of rdrleakdiag execution
 2023-04-25 08:48:04 +02:00
Nasreddine Bencherchali 4eb95d28dd feat: small updates 2023-04-24 23:23:38 +02:00
Nasreddine Bencherchali 3170c29e91 fix: merge rules and update detection 2023-04-24 19:24:19 +02:00
BlueTeamOps 1c333860ee feat: new rule Suspicious Network Connection to IP Lookup Service APIs 2023-04-24 17:30:57 +02:00
Swachchhanda Poudel fc8c66b3a4 Added detection to detect every possible way of execution through rdrleakdiag 2023-04-24 21:05:57 +05:45
phantinuss 465ded22a3 Merge pull request #4190 from swachchhanda000/master 
Added support when flag is called another way while executing xsl…
 2023-04-24 14:05:05 +02:00
Nasreddine Bencherchali 4bf1ff3ae5 Merge pull request #4191 from nasbench/paperCut-print-management-rules 
feat: new rules and folder restructure
 2023-04-24 11:47:26 +02:00
phantinuss f26e4c2c62 fix: minor 2023-04-24 09:10:47 +02:00
phantinuss 23f080a889 Merge pull request #4194 from phantinuss/master 
fix: adding executable bit
 2023-04-24 08:47:43 +02:00
phantinuss 1d6ad79f06 fix: adding executable bit 2023-04-24 08:41:56 +02:00
Nasreddine Bencherchali 6b88999bd9 Merge branch 'paperCut-print-management-rules' of https://github.com/nasbench/sigma into paperCut-print-management-rules 2023-04-23 15:42:11 +02:00
Nasreddine Bencherchali 1d5bbb76f0 feat: add iwr related rules 2023-04-23 15:42:02 +02:00
Nasreddine Bencherchali bf7d344c2e feat: add rules related to papercut exploitation 2023-04-23 15:42:02 +02:00
Nasreddine Bencherchali c2400ac374 chore: remove contrib folder + rename folders 2023-04-23 15:42:01 +02:00
Nasreddine Bencherchali 9ae42d481b Merge pull request #4193 from fukusuket/fix-explicitly-escape-bracket 
fix: explicitly escape `{` to make it clear that it is a literal
 2023-04-23 15:02:36 +02:00
fukusuket ca41e7a93f fix: update modified date 2023-04-23 21:37:50 +09:00
fukusuket 6010d7d114 fix: explicitly escape '{' 2023-04-23 21:37:00 +09:00
Nasreddine Bencherchali ac8d160089 Merge pull request #4192 from 0xv1n/patch-1 
fix: typo in wevtutil image name
 2023-04-22 21:33:42 +02:00
Nasreddine Bencherchali 6e515496f7 fix: add modified 2023-04-22 21:25:11 +02:00
0xv1n d80fd4f9b7 typo in wevtutil image name 
small typo fix.
 2023-04-22 15:19:46 -04:00
Nasreddine Bencherchali c0b5b0b94d feat: add iwr related rules 2023-04-21 23:38:01 +02:00
Nasreddine Bencherchali 485a48f490 feat: add rules related to papercut exploitation 2023-04-21 17:25:38 +02:00
Nasreddine Bencherchali 09b2121524 chore: remove contrib folder + rename folders 2023-04-21 17:25:21 +02:00
Nasreddine Bencherchali 09df5e68dc Merge pull request #4185 from nasbench/nash-rule-dev 
feat: add emerging-threat rules related to mint-sandstorm
 2023-04-21 15:48:39 +02:00
Nasreddine Bencherchali bf06cc3082 Merge branch 'SigmaHQ:master' into nash-rule-dev 2023-04-21 15:22:39 +02:00
Florian Roth 6bd5f427d4 Merge pull request #4161 from SigmaHQ/emerging-threats 
feat: new folder structure and other updates
 2023-04-21 15:21:59 +02:00
Nasreddine Bencherchali 0c23616a12 fix: move to deprecated 2023-04-21 15:05:56 +02:00
swachchhanda 558925f7bc Added support for when flag is called another way while executing xsl file from wmic 2023-04-21 18:47:15 +05:45
Nasreddine Bencherchali 53c69e9cc2 chore: move more rules 2023-04-21 15:01:49 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali 7f88625c3c feat: update tests for new folder struct 2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali d591bf662a fix: update tests 2023-04-21 15:01:47 +02:00
Nasreddine Bencherchali a066ee9a4d chore: move solarwinds rules 2023-04-21 15:00:38 +02:00
Nasreddine Bencherchali 9890de995a feat: update tests for new folder struct 2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali f4e406c1b6 fix: update tests 2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali 022e79fe97 chore: add readme files 2023-04-21 15:00:37 +02:00
Nasreddine Bencherchali 23a9f98eae chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali 7d3ef2a1d3 chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
Florian Roth 41bf3f3c4a refactor: folder renamed, README for emerging threats 2023-04-21 15:00:34 +02:00
Nasreddine Bencherchali 266d6630df fix: broken condition 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-21 14:56:37 +02:00
Nasreddine Bencherchali f42d6dcbed Merge pull request #4187 from nasbench/queuejumper-rules 
feat: new rules related to queuejumper
 2023-04-21 14:54:12 +02:00
Nasreddine Bencherchali faf78e1301 Merge pull request #4188 from nasbench/fw-rules-eid-updates 
feat: update firewall rules event ids
 2023-04-21 14:50:48 +02:00
Nasreddine Bencherchali 2d960a079a fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-21 14:45:16 +02:00
phantinuss 35b027ee1c Merge pull request #4184 from swachchhanda000/master 
Added new rule that identifies the creation of a scheduled job by usi…
 2023-04-21 13:31:22 +02:00
phantinuss d82d387071 Merge pull request #4189 from tuanhxh1/tuan.le.ncs 
Update Script Block Text When Run Phant0m Script
 2023-04-21 11:42:55 +02:00
Nasreddine Bencherchali add0ac0d9f fix: update structure and metadata 2023-04-21 11:38:13 +02:00