Commit Graph

8345 Commits

Author SHA1 Message Date
frack113 5f5b57504b Merge pull request #2144 from frack113/fix_2140 (fix status in filter) 2021-10-14 08:12:05 +01:00
frack113 c202d39acd Merge pull request #2138 from frack113/conti_ransomware (Conti ransomware commandline) 2021-10-14 06:31:36 +01:00
frack113 468cac031d fix status 2021-10-14 07:19:41 +02:00
frack113 1e0fde6975 Merge pull request #2135 from austinsonger/onelogin (Onelogin Rules) 2021-10-13 16:35:27 +01:00
frack113 a10d100d87 Merge pull request #2137 from austinsonger/powershell_windows_firewall_disabled.yml (powershell_windows_firewall_profile_disabled.yml) 2021-10-13 16:29:37 +01:00
Austin Songer 756d5b5aa6 Update onelogin_user_account_locked.yml 2021-10-13 07:02:01 -05:00
Austin Songer 4e43fce629 Update powershell_windows_firewall_profile_disabled.yml 2021-10-13 07:01:04 -05:00
frack113 5aa62bd342 fix yml 2021-10-12 21:02:15 +02:00
frack113 37c637066b add process_creation_conti_cmd_ransomware.yml 2021-10-12 20:57:12 +02:00
Austin Songer 40eed2ec59 Rename powershell_windows_firewall_disabled.yml to powershell_windows_firewall_profile_disabled.yml 2021-10-12 11:57:37 -05:00
Austin Songer d273bc25ea Create powershell_windows_firewall_disabled.yml 2021-10-12 11:56:37 -05:00
Austin Songer 9faca2f3dc Update onelogin_assumed_another_user.yml 2021-10-11 22:54:05 -05:00
Austin Songer 0978ca92d8 Update onelogin_assumed_another_user.yml 2021-10-11 21:18:31 -05:00
austinsonger 0bf9f1cfd6 Onelogin Rules 2021-10-11 21:03:48 -05:00
frack113 9b2b8dd2c3 Merge pull request #2134 from frack113/new_category (New category for powershell rules) 2021-10-11 15:43:55 +01:00
frack113 b9fc29bc05 Merge pull request #2131 from frack113/Powershell (Powershell order) 2021-10-11 15:43:32 +01:00
frack113 f1d5605f10 fix yml space 2021-10-11 07:44:48 +02:00
frack113 9810a9fe73 add powershell.yml 2021-10-11 07:42:04 +02:00
frack113 d081d20a13 Merge pull request #2119 from austinsonger/privilege_escalation_pass_role_to_lambda_function.yml (passed_role_to_glue_development_endpoint.yml and passed_role_to_lambda_function.yml) 2021-10-10 11:01:36 +02:00
frack113 7497fdb484 Merge pull request #2129 from d4rk-d4nph3/master (Added rule for possible persistence via VMTools) 2021-10-10 10:55:06 +02:00
frack113 1337116d84 Cleanup selection name 2021-10-10 10:17:24 +02:00
Bhabesh Rai a241f526ef Added more strict path 2021-10-10 07:54:40 +05:45
Austin Songer 1987897a76 Update aws_pass_role_to_lambda_function.yml 2021-10-09 15:26:38 -05:00
Austin Songer de52890a62 Update passed_role_to_glue_development_endpoint.yml 2021-10-09 15:24:49 -05:00
Florian Roth 30213dba87 Merge pull request #2132 from SigmaHQ/rule-devel (New Rules) 2021-10-09 19:19:45 +02:00
Florian Roth 195db4cffc refactor: made Apache RCE rule more robust 2021-10-09 18:48:02 +02:00
Florian Roth 4ab3ebf6b2 Merge pull request #2128 from OTRF/feature/Susp-ADFS-NamedPipe (Detect suspicious named pipe connections to an AD FS WID) 2021-10-09 16:47:25 +02:00
Florian Roth 2379907f26 docs: extended the description by a word 2021-10-09 16:42:42 +02:00
Florian Roth f475b90ee3 fix: typo in description 2021-10-09 16:41:48 +02:00
frack113 5c68c42058 order powershell_script 2021-10-09 10:30:36 +02:00
Florian Roth 6c4e24d0de rule: coin miner param --cpu-priority 2021-10-09 10:28:16 +02:00
frack113 77749510b7 fix yml 2021-10-09 10:01:40 +02:00
frack113 41d098b253 fix yml error 2021-10-09 09:59:21 +02:00
frack113 9b0f744f75 order powershell_script 2021-10-09 09:57:45 +02:00
frack113 fe7fbfd5fc order powershell_module 2021-10-09 09:50:49 +02:00
Florian Roth 5b49b5ee17 Merge pull request #2130 from phantinuss/master (fix: prevent FP triggering of other sources utilising ID 1102) 2021-10-08 20:14:08 +02:00
phantinuss 04c37d977b fix: prevent FP triggering of other sources utilising ID 1102 2021-10-08 16:43:14 +02:00
frack113 98b24d30ae Merge pull request #2125 from frack113/nuclei_iis_fuzzing (Nuclei iis fuzzing) 2021-10-08 16:40:01 +02:00
frack113 5e08c121fa Merge pull request #2127 from mluhta/patch-1 (Fix Regsvr32 Command Line Without DLL detection logic) 2021-10-08 16:38:20 +02:00
Bhabesh Rai a45e516f99 Added rule for possible persistence via VMTools 2021-10-08 13:28:35 +05:45
Roberto Rodriguez 7f17eaeb87 added rule to detect suspicious named pipe connections to an AD FS server 2021-10-08 01:57:22 -04:00
Mika Luhta e70d17745e Update modified field 2021-10-07 18:42:22 +02:00
Mika Luhta 0ee777e3b4 Fix rule detection logic (Changed ParentImage to Image) 2021-10-07 14:25:18 +03:00
frack113 0d04b469f7 order powershell_classic 2021-10-07 07:40:53 +02:00
frack113 930d2d4223 fix id 2021-10-06 17:53:16 +02:00
frack113 dfd316c0ce Add web_iis_tilt_shortname_scan.yml 2021-10-06 17:46:15 +02:00
frack113 6d56e400d2 Merge pull request #2121 from frack113/update_test (Update test adding logsource to duplicate logic test) 2021-10-06 14:46:48 +02:00
Florian Roth 7cf01c2f0c extended CVE-2021-41773 rule 2021-10-06 12:43:10 +02:00
Florian Roth 539756c884 Merge pull request #2124 from SigmaHQ/rule-devel (rule: Apache Path Traversal - CVE-2021-41773) 2021-10-06 10:55:26 +02:00
frack113 d0561d361b Merge pull request #2123 from rachelrice/update_aws_rules (Update AWS SAML and Lambda rules) 2021-10-05 19:49:54 +02:00