blue-team-tools

Author	SHA1	Message	Date
Tim Shelton	4f6d433c2d	Detects executable running with non executable extension, used for av bypass	2022-01-13 21:09:26 +00:00
$frack113$ frack113	e754d4e4de	Merge pull request #2536 from d4rk-d4nph3/master Added new reference for Office Security Settings Changed	2022-01-10 17:51:45 +01:00
Bhabesh	798c447317	Added new reference for Office Security Settings Changed	2022-01-10 12:02:01 +05:45
Florian Roth	962051e4d7	Merge pull request #2534 from frack113/fix_win_susp_firewall_disable Fix win susp firewall disable	2022-01-09 22:17:55 +01:00
Florian Roth	d374bd750b	Merge pull request #2535 from frack113/defender_firewall Microsoft Defender Firewall	2022-01-09 22:17:26 +01:00
$frack113$ frack113	7a164e61dd	fix 'off' error	2022-01-09 19:58:54 +01:00
$frack113$ frack113	ae0dc80226	Microsoft Defender Firewall	2022-01-09 19:48:22 +01:00
$frack113$ frack113	f96a5ce9ff	Fix detection	2022-01-09 19:24:38 +01:00
Florian Roth	e45849b029	Merge pull request #2533 from frack113/redcannary_20220109 Windows Redcannary	2022-01-09 17:26:53 +01:00
Florian Roth	ebb3f54d67	Update win_pc_iis_http_logging.yml	2022-01-09 16:13:00 +01:00
Florian Roth	68fea95772	Update posh_ps_suspicious_iofilestream.yml	2022-01-09 16:12:31 +01:00
Florian Roth	da5c01507c	Update win_fe_csharp_compile_artefact.yml	2022-01-09 16:11:54 +01:00
$frack113$ frack113	01c6e5f6e3	Windows Redcannary	2022-01-09 12:37:23 +01:00
$frack113$ frack113	ac240b1487	Merge pull request #2527 from frack113/promote_366d Change status to test	2022-01-09 08:02:36 +01:00
$frack113$ frack113	86e7fdafa2	Merge pull request #2531 from frack113/redcannary_20220107 Windows Redcannary	2022-01-09 08:02:00 +01:00
Florian Roth	6f7d28b52a	Merge pull request #2532 from SigmaHQ/aurora-false-positive-fixing fix: FPs noticed with Aurora	2022-01-08 15:57:31 +01:00
Florian Roth	bdbb156090	fix: FPs noticed with Aurora	2022-01-08 15:12:17 +01:00
$frack113$ frack113	af99c75785	Windows Redcannary	2022-01-08 09:17:56 +01:00
Florian Roth	3cf4c9845c	Merge pull request #2530 from SigmaHQ/rule-devel docs: changed title of rules that were equal	2022-01-07 14:15:17 +01:00
Florian Roth	392175e467	Merge pull request #2529 from SigmaHQ/aurora-false-positive-fixing fix: add field mapping for provider name	2022-01-07 14:15:09 +01:00
Florian Roth	683c1b59cb	fix: add field mapping for provider name	2022-01-07 13:08:14 +01:00
Florian Roth	8dae0ca10a	Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel	2022-01-07 13:07:38 +01:00
Florian Roth	d31f5258eb	docs: changed title of rules that were equal	2022-01-07 13:07:35 +01:00
Thomas Patzke	5d3b3b1cf1	Merge pull request #2523 from frack113/keywork_elk Add not_bound_keyword option for elastic backend	2022-01-07 10:24:08 +01:00
Florian Roth	e91969e097	Merge pull request #2526 from SigmaHQ/aurora-false-positive-fixing fix: FP noticed with Aurora	2022-01-07 09:58:12 +01:00
Florian Roth	7b08986f4b	Merge pull request #2528 from SigmaHQ/rule-devel rule: DumpStack.log Defender evasion	2022-01-07 09:51:07 +01:00
Florian Roth	dfa7938f17	rule: DumpStack.log Defender evasion	2022-01-07 08:46:30 +01:00
$frack113$ frack113	c6014b1205	Change status to test	2022-01-07 07:04:24 +01:00
Florian Roth	70deac6240	Merge pull request #2525 from SigmaHQ/rule-devel rule: changed some rules, LOLBIN AccCheckConsole	2022-01-06 21:10:03 +01:00
Florian Roth	0f8a3bc356	fix: FP noticed with Aurora	2022-01-06 21:06:29 +01:00
Florian Roth	985bc78d0d	rule: extend parent processes	2022-01-06 17:58:44 +01:00
Florian Roth	bfd16e2628	rule: AccCheckConsole LOLBIN	2022-01-06 17:23:41 +01:00
$frack113$ frack113	5b19fc720b	Merge pull request #2524 from frack113/fix_quote Fix quote in rules	2022-01-06 17:13:47 +01:00
$frack113$ frack113	6075a590c0	fix references	2022-01-06 14:27:59 +01:00
$frack113$ frack113	33b5223ab7	fix quote	2022-01-06 14:09:09 +01:00
$frack113$ frack113	73f258e2d1	Change double quote to quote	2022-01-06 14:02:35 +01:00
$frack113$ frack113	c19d87127e	Add not_bound_keyword option for elastic	2022-01-06 12:43:04 +01:00
$frack113$ frack113	c5b38290b8	Merge pull request #2522 from frack113/redcannary_20220105 Windows redcannary	2022-01-06 06:25:22 +01:00
Florian Roth	5802915f39	Update win_pc_reg_dump_sam.yml	2022-01-05 22:40:39 +01:00
$frack113$ frack113	353eb0022e	Merge pull request #2519 from frack113/fp_sysmon_taskcache_entry Add sysmon_taskcache_entry FP	2022-01-05 21:41:33 +01:00
$frack113$ frack113	727e5ee925	Windows redcannary	2022-01-05 19:52:52 +01:00
Florian Roth	ae05f4d73a	fix: reduced the set even more	2022-01-05 16:50:59 +01:00
Florian Roth	b2e70c3622	Merge pull request #2520 from SigmaHQ/rule-devel fix: massive performance impact of keyword-based rule	2022-01-05 15:14:09 +01:00
Florian Roth	aeeb483fb7	fix: missed to set modified date	2022-01-05 14:19:02 +01:00
Florian Roth	d61b0c0120	fix: unnecessary performance impact	2022-01-05 14:18:42 +01:00
Florian Roth	3386a3649e	fix: massive performance impact of keyword-based rule	2022-01-05 14:12:13 +01:00
Florian Roth	42e6556475	Merge pull request #2516 from sreemanshanker/master Add files via upload	2022-01-05 11:12:19 +01:00
$frack113$ frack113	e32779e824	Add FP	2022-01-05 10:08:55 +01:00
Florian Roth	8d8112f13d	Update process_creation_headless_browser_file_download.yml	2022-01-04 22:27:05 +01:00
Florian Roth	acbce4f498	fix: filename not according to standard	2022-01-04 19:59:32 +01:00

1 2 3 4 5 ...

9626 Commits