blue-team-tools

Author	SHA1	Message	Date
phantinuss	646ce36809	fix: use doublequotes instead of ' because of ' in string	2022-02-11 16:52:45 +01:00
phantinuss	809f7abbb8	fix: several FPs against a fresh installed Windows with example applications and basic user interaction 3	2022-02-11 16:38:52 +01:00
Florian Roth	97dacc4ffc	refactor: increased level to medium	2022-02-06 14:17:38 +01:00
$frack113$ frack113	62611e0e39	add posh_ps_get_adreplaccount	2022-02-06 11:15:00 +01:00
$frack113$ frack113	2887cf2800	Merge pull request #2623 from frack113/red_t1555_003 Redcannary windows	2022-02-03 22:23:19 +01:00
$frack113$ frack113	d1268d040c	Change status and related	2022-02-03 06:53:50 +01:00
$frack113$ frack113	8eeadb9beb	Add other browser	2022-02-03 06:38:43 +01:00
Florian Roth	d2e741cf9a	Merge pull request #2628 from frack113/redcannay_t1553_005 Windows Redcannary T1553.005	2022-02-02 18:38:55 +01:00
phantinuss	65c3a72715	fix: used in legitimate microsoft scripts	2022-02-02 11:00:43 +01:00
$frack113$ frack113	3c0f4b79c9	Windows Redcannary T1553.005	2022-02-01 18:41:53 +01:00
$frack113$ frack113	0bcb842c70	Redcannary windows	2022-01-30 18:47:49 +01:00
$frack113$ frack113	1aa7697ca8	Update posh_ps_clear_powershell_history.yml	2022-01-27 16:16:57 +01:00
Florian Roth	d52602dd5e	Update posh_ps_clear_powershell_history.yml	2022-01-26 18:09:09 +01:00
Florian Roth	feedcee6bf	Update posh_ps_clear_powershell_history.yml	2022-01-26 17:57:26 +01:00
$frack113$ frack113	818b20b949	add posh_ps_clear_powershell_history	2022-01-25 19:58:18 +01:00
$frack113$ frack113	8a47c56397	Merge pull request #2595 from frack113/red_20220123b Windows Redcannary	2022-01-25 06:21:17 +01:00
$frack113$ frack113	f1959f25d7	Windows Redcannary	2022-01-23 16:37:59 +01:00
$frack113$ frack113	1b8fa21be1	Fix space	2022-01-23 11:40:35 +01:00
$frack113$ frack113	90334e7f7c	Redcannary windows test	2022-01-23 11:37:01 +01:00
$frack113$ frack113	caa4c7f977	Add Redcannary Windows Rules	2022-01-19 20:40:43 +01:00
$frack113$ frack113	4631d0c482	remove invalid tag	2022-01-19 18:23:30 +01:00
$frack113$ frack113	3ec9f6d252	Merge pull request #2569 from frack113/red_20220116 Windows Redcannary defense_evasion	2022-01-17 06:36:41 +01:00
$frack113$ frack113	fc7485a07c	Merge pull request #2567 from frack113/red_20220115 Windows Redcannary	2022-01-17 06:35:49 +01:00
$frack113$ frack113	12f0d6dfab	Windows Redcannary	2022-01-16 14:47:56 +01:00
$frack113$ frack113	cb938c14df	Windows Redcannary	2022-01-15 17:04:03 +01:00
$frack113$ frack113	65a268b0b3	Rename powershell_script	2022-01-15 10:54:21 +01:00
$frack113$ frack113	f4c6871b50	Merge pull request #2554 from frack113/red_2022012 Windows Redcannary	2022-01-13 22:26:48 +01:00
$frack113$ frack113	592485fac5	Windows Redcannary	2022-01-12 20:27:56 +01:00
phantinuss	b6d4e39538	feat: check for the existence of a description field it is not mandatory in the sigma standard but mandatory for this repository	2022-01-12 12:55:49 +01:00
$frack113$ frack113	f7e670d55e	Simple Quote	2022-01-11 13:40:53 +01:00
Florian Roth	11164849b3	Merge pull request #2543 from SigmaHQ/rule-devel Several new rules and some fixes	2022-01-11 12:44:03 +01:00
Florian Roth	e055ec1d52	refactor: change all " of them" expressions	2022-01-11 10:59:57 +01:00
Florian Roth	55d49b7e9b	Merge branch 'master' into rule-devel	2022-01-11 08:20:29 +01:00
$frack113$ frack113	16f3fdb922	fix detection	2022-01-10 17:48:46 +01:00
Florian Roth	ab761ce996	refactor: adjusted rule level	2022-01-09 16:13:25 +01:00
Florian Roth	68fea95772	Update posh_ps_suspicious_iofilestream.yml	2022-01-09 16:12:31 +01:00
$frack113$ frack113	01c6e5f6e3	Windows Redcannary	2022-01-09 12:37:23 +01:00
$frack113$ frack113	af99c75785	Windows Redcannary	2022-01-08 09:17:56 +01:00
$frack113$ frack113	33b5223ab7	fix quote	2022-01-06 14:09:09 +01:00
$frack113$ frack113	73f258e2d1	Change double quote to quote	2022-01-06 14:02:35 +01:00
$frack113$ frack113	601aa50587	Merge pull request #2507 from frack113/redcannary_20220102 Windows Redcannary	2022-01-03 12:38:05 +01:00
$frack113$ frack113	8b67ad069e	Windows Redcannary	2022-01-02 10:36:52 +01:00
$frack113$ frack113	7eebc4d054	Windows redcannary	2022-01-01 08:42:40 +01:00
$frack113$ frack113	2eda4d51d5	Merge pull request #2500 from frack113/redcannary_20211229 Windows Redcannary	2021-12-31 17:29:09 +01:00
Florian Roth	07036fd2a7	Update powershell_ps_office_comobject_registerxll.yml	2021-12-31 15:48:41 +01:00
Florian Roth	dde4d25b6b	Update powershell_ps_directoryservices_accountmanagement.yml	2021-12-31 15:48:15 +01:00
$frack113$ frack113	5d5b3e83b1	Windows persistence	2021-12-30 11:58:10 +01:00
$frack113$ frack113	d8f5d3cca3	Windows Redcannay	2021-12-29 17:47:43 +01:00
$frack113$ frack113	1a877a5ccd	Merge pull request #2495 from frack113/redcannary_20211227 Windows redcannary rules	2021-12-28 12:52:07 +01:00
Florian Roth	01021a585d	Update powershell_ps_susp_win32_shadowcopy.yml	2021-12-28 12:04:14 +01:00

1 2

98 Commits