Commit Graph

4647 Commits

Author SHA1 Message Date
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev
feat: new rules and updates
2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-19 15:50:29 +02:00
phantinuss c6c226420d Merge pull request #4172 from angelovioletti/master
Create proc_creation_win_rundll32_ext_drive.yml
2023-04-19 14:45:24 +02:00
Nasreddine Bencherchali e95aaa1e5d fix: small updates 2023-04-19 12:38:38 +02:00
Nasreddine Bencherchali 15b36c6577 fix: broken selection 2023-04-18 22:52:40 +02:00
Nasreddine Bencherchali c64b907b8b fix: filter 2023-04-18 22:50:18 +02:00
Nasreddine Bencherchali 83e352c52e fix: some errors 2023-04-18 22:47:11 +02:00
Nasreddine Bencherchali 61c8364c20 feat: add rules related to rogue rdp 2023-04-18 22:13:30 +02:00
Nasreddine Bencherchali 9a2ee48ef8 feat: update multiple rules 2023-04-18 18:08:08 +02:00
Nasreddine Bencherchali 032570a080 feat: more winget updates 2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali f2eba9d125 feat: update winget related rules 2023-04-17 18:24:01 +02:00
Qasim Qlf 52ca56335e fix: image name 2023-04-14 20:44:27 +05:00
Florian Roth 836091e953 Merge pull request #4170 from nasbench/nash-rule-dev
feat: rule updates
2023-04-14 16:26:21 +02:00
Nasreddine Bencherchali fa84af599a fix: update filter 2023-04-14 12:00:22 +02:00
Nasreddine Bencherchali 1363db5ff3 fix: typos
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-04-14 11:54:04 +02:00
Nasreddine Bencherchali 5f6614b273 feat: update hh.exe related rules 2023-04-12 16:12:33 +02:00
Nasreddine Bencherchali bb7aabb4b4 chore: author update 2023-04-12 16:11:58 +02:00
Nasreddine Bencherchali 59a5db8eaf fix: update selection naming 2023-04-12 14:48:36 +02:00
angelovioletti 663d2c5059 Delete proc_creation_win_rundll32_ext_drive.yml 2023-04-12 14:22:24 +02:00
angelovioletti f71c1c5348 Update proc_creation_win_lolbin_not_from_c_drive.yml 2023-04-12 14:21:54 +02:00
angelovioletti da519ba868 Update proc_creation_win_rundll32_ext_drive.yml 2023-04-12 09:16:48 +02:00
angelovioletti c2643de61e Add new rule proc_creation_win_rundll32_ext_drive.yml
Rule to detect the execution of rundll32.exe processes where the current directory is an external drive, based on an analysis of BumbleBee.
2023-04-12 09:15:05 +02:00
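The check described in the commit message above, written out as an added example in Python: this is not the Sigma project's rule and not the YAML the commit adds, only an illustration of the same logic run over constructed process-creation events. Assumptions: Sysmon Event ID 1 field names (Image, OriginalFileName, CurrentDirectory, CommandLine), C: as the system drive, and sample events that are made up here. It goes slightly beyond the message by also catching a renamed copy of rundll32.exe through OriginalFileName.

```python
import re

# Assumption: the system drive is C:. A current directory on any other drive
# letter (USB stick, mounted ISO/VHD, second disk) counts as "external".
# Tune this for hosts that legitimately run software from other drives.
SYSTEM_DRIVE = "C:"

# Windows drive-letter prefix at the start of a path, e.g. "D:\".
DRIVE_PREFIX = re.compile(r"^([A-Za-z]):\\")


def is_rundll32(event):
    """True when the process is rundll32, by image path or by the PE's
    OriginalFileName (the latter catches a renamed copy of the binary)."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").upper()
    return image.endswith("\\rundll32.exe") or original == "RUNDLL32.EXE"


def drive_letter(path):
    """Return the normalised drive prefix ("D:") of a path, or None for
    UNC paths, relative paths and empty strings."""
    match = DRIVE_PREFIX.match(path)
    return match.group(1).upper() + ":" if match else None


def rundll32_from_external_drive(event):
    """Core check: rundll32 started with its current directory on a drive
    other than SYSTEM_DRIVE."""
    if not is_rundll32(event):
        return False
    drive = drive_letter(event.get("CurrentDirectory", ""))
    if drive is None:
        # No drive letter (UNC share, missing field): not an "external drive"
        # in the sense of this check; a share-based variant needs its own rule.
        return False
    return drive != SYSTEM_DRIVE


# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {   # rundll32 run from a mounted ISO: the pattern the commit targets
        "EventId": 1,
        "Image": "C:\\Windows\\System32\\rundll32.exe",
        "OriginalFileName": "RUNDLL32.EXE",
        "CurrentDirectory": "D:\\",
        "CommandLine": "rundll32.exe D:\\documents.dll,EntryPoint",
    },
    {   # ordinary rundll32 use from the system drive: benign
        "EventId": 2,
        "Image": "C:\\Windows\\System32\\rundll32.exe",
        "OriginalFileName": "RUNDLL32.EXE",
        "CurrentDirectory": "C:\\Windows\\system32\\",
        "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
    },
    {   # renamed rundll32 dropped to Temp, run from a USB drive
        "EventId": 3,
        "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\r.exe",
        "OriginalFileName": "RUNDLL32.EXE",
        "CurrentDirectory": "E:\\",
        "CommandLine": "r.exe E:\\x.dll,Start",
    },
    {   # a different binary from an external drive: not rundll32, ignored
        "EventId": 4,
        "Image": "C:\\Windows\\System32\\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "CurrentDirectory": "E:\\",
        "CommandLine": "notepad.exe E:\\readme.txt",
    },
    {   # rundll32 with a UNC current directory: no drive letter, not matched
        "EventId": 5,
        "Image": "C:\\Windows\\System32\\rundll32.exe",
        "OriginalFileName": "RUNDLL32.EXE",
        "CurrentDirectory": "\\\\fileserver\\share\\",
        "CommandLine": "rundll32.exe \\\\fileserver\\share\\a.dll,Go",
    },
]


def detect(events):
    """Return the EventIds of all events that match the check."""
    return [e["EventId"] for e in events if rundll32_from_external_drive(e)]


if __name__ == "__main__":
    for event_id in detect(SAMPLE_EVENTS):
        print("rundll32 from external drive: EventId", event_id)
```

The UNC and second-internal-disk cases are where this logic needs environment-specific tuning: machines with a D: data drive will produce matches on legitimate installers, and a current directory on a network share is deliberately left to a separate check rather than folded in here.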
Nasreddine Bencherchali e3f2b80121 feat: add new flags 2023-04-12 03:40:38 +02:00
Nasreddine Bencherchali 8835f8c6c9 fix: remove space in filename 2023-04-12 03:25:34 +02:00
Nasreddine Bencherchali 4f4a9356c8 fix: remove duplicate uuid 2023-04-12 03:11:21 +02:00
Nasreddine Bencherchali be3a56566e feat: add rule related to CVE-2023-21554 2023-04-12 03:11:03 +02:00
Nasreddine Bencherchali e898abc019 feat: rule updates 2023-04-12 02:57:44 +02:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
Mohamed Ashraf a7e34f7b3f feat: new rule related rorschach ransomware activity (#4159) 2023-04-04 14:59:25 +02:00
Nasreddine Bencherchali 3d9372bef3 feat: new rules, updates and fp fixes (#4136) 2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali 5138fef3e5 feat: update 3cx compromise related rules (#4156) 2023-03-31 15:01:41 +02:00
Nasreddine Bencherchali f8313036a0 feat: new rule related to susp child process of 3CXDesktopApp (#4153) 2023-03-30 00:36:02 +02:00
Nasreddine Bencherchali c08a50758b feat: update 2023-03-29 18:59:24 +02:00
Nasreddine Bencherchali cc24dc6a80 Update proc_creation_win_malware_3cx_infected.yml 2023-03-29 18:45:09 +02:00
Nasreddine Bencherchali f0555380ca feat: new compromised 3cx rules 2023-03-29 18:41:34 +02:00
frack113 e89bf57b5d Fix detection 2023-03-26 16:55:09 +02:00
frack113 7bbfe6521a Fix detection 2023-03-26 16:45:02 +02:00
Paul Schiffer b83c8aaf60 fix: typo in command line argument (#4140) 2023-03-24 15:46:46 +01:00
phantinuss aa1ab49773 fix: FPs found in testing environment 2023-03-24 10:41:21 +01:00
phantinuss 330b68cac3 Merge pull request #4128 from gs3cl/gesec_winpeas
Update proc_creation_win_hktl_winpeas.yml
2023-03-24 08:40:11 +01:00
gs3cl df54e30ec8 chg author 2023-03-23 20:07:09 +01:00
Nasreddine Bencherchali a504ab6927 fix: add cli option 2023-03-23 15:36:13 +01:00
Nasreddine Bencherchali d48a08c441 fix: update selection choices 2023-03-23 15:30:48 +01:00
Nasreddine Bencherchali 0ccef7822e fix: fp found in testing 2023-03-22 20:31:33 +01:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
gs3cl 302b42267f Update proc_creation_win_hktl_winpeas.yml
fix error
2023-03-21 08:26:22 +01:00
gs3cl 1dc81a5455 Update proc_creation_win_hktl_winpeas.yml
- add selection_linpeas_option
- add selection_default_dl
- chg AND to OR for OriginalFileName
2023-03-21 07:52:35 +01:00
gs3cl e50d06b687 Update proc_creation_win_hktl_winpeas.yml 2023-03-20 21:31:40 +01:00
Qasim Qlf 685c3d7970 fix: detection name word 'activity' (#4119) 2023-03-17 23:11:15 +01:00
Hieu Tran 0e934bd4b4 feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111) 2023-03-17 13:00:57 +01:00