Commit Graph

11871 Commits

Author SHA1 Message Date
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev
feat: new rules and updates
2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali 08e3089c64 fix: update hostname field 2023-04-19 16:16:06 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-19 15:50:29 +02:00
phantinuss c6c226420d Merge pull request #4172 from angelovioletti/master
Create proc_creation_win_rundll32_ext_drive.yml
2023-04-19 14:45:24 +02:00
Nasreddine Bencherchali e95aaa1e5d fix: small updates 2023-04-19 12:38:38 +02:00
Nasreddine Bencherchali 15b36c6577 fix: broken selection 2023-04-18 22:52:40 +02:00
Nasreddine Bencherchali c64b907b8b fix: filter 2023-04-18 22:50:18 +02:00
Nasreddine Bencherchali 83e352c52e fix: some errors 2023-04-18 22:47:11 +02:00
Nasreddine Bencherchali 61c8364c20 feat: add rules related to rogue rdp 2023-04-18 22:13:30 +02:00
Nasreddine Bencherchali 9a2ee48ef8 feat: update multiple rules 2023-04-18 18:08:08 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Tess 107629758d remove duplicate reference urls 2023-04-18 11:03:07 -04:00
Nasreddine Bencherchali 032570a080 feat: more winget updates 2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali aba4213d62 fix: reduce level and gen new uuid 2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali 4a921ce821 feat: add new scm error event rules 2023-04-17 18:24:23 +02:00
Nasreddine Bencherchali f2eba9d125 feat: update winget related rules 2023-04-17 18:24:01 +02:00
phantinuss 6a7a0f0269 fix: typos/wording 2023-04-17 08:39:41 +02:00
Nasreddine Bencherchali 03fc33f93c fix: add space at the end 2023-04-17 02:31:02 +02:00
Mohamed Ashraf (X__Junior) 63fb8e4655 Create image_load_side_load_libvlc.yml 2023-04-17 02:27:57 +02:00
Nasreddine Bencherchali 9456f495f4 Merge pull request #4174 from nasbench/rename-folders
chore: rename folders
2023-04-15 20:35:18 +02:00
Qasim Qlf 52ca56335e fix: image name 2023-04-14 20:44:27 +05:00
Nasreddine Bencherchali 3cbc9afcbe fix: update modified date 2023-04-14 17:08:28 +02:00
Nasreddine Bencherchali dc9b23df35 fix: duplicate title 2023-04-14 17:08:03 +02:00
Nasreddine Bencherchali 8616635fde chore: update filter name 2023-04-14 16:59:49 +02:00
Nasreddine Bencherchali 6949ebf244 chore: rename folders 2023-04-14 16:55:41 +02:00
Florian Roth 836091e953 Merge pull request #4170 from nasbench/nash-rule-dev
feat: rule updates
2023-04-14 16:26:21 +02:00
Nasreddine Bencherchali fa84af599a fix: update filter 2023-04-14 12:00:22 +02:00
Nasreddine Bencherchali 1363db5ff3 fix: typos
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-14 11:54:04 +02:00
Nasreddine Bencherchali 5f6614b273 feat: update hh.exe related rules 2023-04-12 16:12:33 +02:00
Nasreddine Bencherchali 4ce1bf45b6 feat: update malware ua 2023-04-12 16:12:11 +02:00
Nasreddine Bencherchali bb7aabb4b4 chore: author update 2023-04-12 16:11:58 +02:00
Nasreddine Bencherchali 59a5db8eaf fix: update selection naming 2023-04-12 14:48:36 +02:00
angelovioletti 663d2c5059 Delete proc_creation_win_rundll32_ext_drive.yml 2023-04-12 14:22:24 +02:00
angelovioletti f71c1c5348 Update proc_creation_win_lolbin_not_from_c_drive.yml 2023-04-12 14:21:54 +02:00
angelovioletti da519ba868 Update proc_creation_win_rundll32_ext_drive.yml 2023-04-12 09:16:48 +02:00
angelovioletti c2643de61e Add new rule proc_creation_win_rundll32_ext_drive.yml
Rule to detect the execution of rundll32.exe processes where the current directory is an external drive, based on an analysis of BumbleBee.
2023-04-12 09:15:05 +02:00
frack113 6ee5218b17 Add PowerShell FP 2023-04-12 07:46:36 +02:00
Nasreddine Bencherchali e3f2b80121 feat: add new flags 2023-04-12 03:40:38 +02:00
Nasreddine Bencherchali 8835f8c6c9 fix: remove space in filename 2023-04-12 03:25:34 +02:00
Nasreddine Bencherchali 4f4a9356c8 fix: remove duplicate uuid 2023-04-12 03:11:21 +02:00
Nasreddine Bencherchali be3a56566e feat: add rule related to CVE-2023-21554 2023-04-12 03:11:03 +02:00
Nasreddine Bencherchali e898abc019 feat: rule updates 2023-04-12 02:57:44 +02:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
D4rkCiph3r e32b39d855 feat: new macos rule Suspicious Browser Child Process (#4053) 2023-04-05 14:58:09 +02:00
Nasreddine Bencherchali 2c2b6b0d45 Merge pull request #4163 from frack113/fix_null_list 2023-04-05 13:28:38 +02:00
Nick Moore 463d9fff82 feat: new rule Potential Okta Password in AlternateID Field (#4158) 2023-04-05 13:21:03 +02:00
Nasreddine Bencherchali 55a510eca5 fix: small changes 2023-04-05 13:19:26 +02:00
frack113 065cd15c58 Fix filter 2023-04-05 06:51:26 +02:00
tareq-alkhatib 999cd5763a chore: split selection clause into two (#4160) 2023-04-05 05:04:54 +02:00
Mohamed Ashraf a7e34f7b3f feat: new rule related to Rorschach ransomware activity (#4159) 2023-04-04 14:59:25 +02:00