security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,088 Commits 1 Branch 57 Tags
6706a67bb8bec761c22de188096bbf39c8c9b35d
Commit Graph

217 Commits

Author SHA1 Message Date
Florian Roth 6706a67bb8 refactor: move few apt rules to categories, del 'apt' folder 2022-10-14 11:44:49 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali e810e907a1 Create posh_ps_psasyncshell.yml 2022-10-04 20:57:15 +02:00
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Florian Roth e46d19e450 fix: condition 2022-09-27 10:30:34 +02:00
Florian Roth e6d7ba8224 Merge branch 'master' into aurora-false-positive-fixing 2022-09-27 00:20:07 +02:00
Florian Roth e1375467c5 fix: FPs with Azure hosts 2022-09-26 23:52:48 +02:00
frack113 2cd376c70c fix pass 2022-09-16 20:04:55 +02:00
frack113 c78b332ba7 Add posh_ps_sensitive_file_discovery 2022-09-16 19:37:26 +02:00
Florian Roth 67072ecc91 Merge pull request #3488 from frack113/redcannary_20220910 
Add posh_ps_disable_windowsoptionalfeature
 2022-09-16 09:13:16 +02:00
frack113 c4d2ed0478 Merge pull request #3497 from bornatalebi/master 
New Rule: Windows DNS Client Rule command
 2022-09-16 06:33:41 +02:00
Borna Talebi 2af0431efa Change Title 2022-09-16 00:53:55 +04:30
Borna Talebi b984d52c65 Fixing conditions 2022-09-16 00:32:47 +04:30
Borna Talebi 0e7085bee5 Update posh_ps_add_dnsclient_rule.yml 2022-09-14 23:23:58 +04:30
Borna Talebi 227c2f6bb9 Update posh_ps_add_dnsclient_rule.yml 2022-09-14 23:11:52 +04:30
Borna Talebi d078d47360 New Rule: Windows DNS Client Rule 2022-09-14 22:32:35 +04:30
Nasreddine Bencherchali 8a504bee9e Add %tmp% env variable 2022-09-13 10:49:14 +02:00
nasreddine.bencherchali@nextron-systems.com 6fa682b619 Create posh_ps_susp_clear_eventlog.yml 2022-09-13 10:02:36 +02:00
frack113 f4da079d13 Add posh_ps_enable_windowsoptionalfeature 2022-09-11 19:43:54 +02:00
frack113 51076b2078 Update posh_ps_disable_windowsoptionalfeature.yml 2022-09-11 19:29:15 +02:00
frack113 5996fbf4c9 Fix tag 2022-09-10 19:23:58 +02:00
frack113 486fdabe34 Add posh_ps_disable_windowsoptionalfeature 2022-09-10 19:15:36 +02:00
frack113 21435629a0 Merge pull request #3482 from nasbench/nasbench-rule-devel 
Rule Devel (New+Update)
 2022-09-10 12:34:26 +02:00
Florian Roth e7084eee04 Merge pull request #3487 from SigmaHQ/aurora-false-positive-fixing 
fix: fixing multiple FPs with the use of VSCode
 2022-09-10 12:07:01 +02:00
Florian Roth 7dbdd4d1c6 fix: fixing multiple FPs with the use of VSCode 2022-09-10 11:42:44 +02:00
nasreddine.bencherchali@nextron-systems.com 70f9ff61ca Big Update 2022-09-09 15:02:31 +02:00
nasreddine.bencherchali@nextron-systems.com 1e2a894c2e Update posh_ps_adrecon_execution.yml 2022-09-06 17:19:46 +02:00
Wagga cb4f834845 Update posh_ps_nishang_malicious_commandlets.yml 
Typo in detection : https://github.com/samratashok/nishang/blob/master/Utility/Add-Persistence.ps1
 2022-08-29 18:53:22 +02:00
Wagga 57fcc2864f Update posh_ps_invoke_dnsexfiltration.yml 2022-08-29 07:44:46 +02:00
Wagga ef0aae28be Update posh_ps_set_policies_to_unsecure_level.yml 2022-08-29 07:43:02 +02:00
Wagga 8235eec297 Update posh_ps_susp_write_eventlog.yml 2022-08-29 07:39:53 +02:00
Florian Roth 3c5852b5f5 fix: line endings, level, description, fp 2022-08-25 08:45:39 +02:00
Ali Alwashali 9dccb4830e Update posh_ps_disable_psreadline_command_history.yml 2022-08-24 16:16:38 +03:00
Ali Alwashali 3890f6b431 posh_ps_disable_psreadline_command_history 2022-08-21 14:49:51 +03:00
Florian Roth a82c533d30 Merge pull request #3395 from nasbench/nasbench-rule-devel 
Update + New Rules
 2022-08-20 09:46:40 +02:00
frack113 3dcb4c195b Add t1484.001 2022-08-19 19:12:40 +02:00
Nasreddine Bencherchali 52f26a14a2 Rule Update 2022-08-17 20:27:55 +01:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
Nasreddine Bencherchali b6bac087ef Update posh_ps_tamper_defender_remove_mppreference.yml 2022-08-05 18:45:44 +01:00
Nasreddine Bencherchali b4472132a4 Fix after review 2022-08-05 18:40:12 +01:00
Nasreddine Bencherchali f704feaf69 New Rules 2022-08-05 17:11:42 +01:00
Nasreddine Bencherchali 9ef9103368 Update PowerShell + other rules 2022-08-05 17:10:41 +01:00
Florian Roth 6dde3012cc refactor: some changes 2022-07-11 19:55:54 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali d2f08cca5d New Rules 2022-07-11 10:22:45 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali 49e389db5c Add More paths 2022-07-07 19:13:22 +01:00
Nasreddine Bencherchali b26c28972d Add missing definition fields and references 2022-07-07 19:13:01 +01:00
Nasreddine Bencherchali 3818c77b03 Fix Error 2022-06-28 22:40:42 +01:00
Nasreddine Bencherchali f57b35e992 New Rules 2022-06-28 22:22:12 +01:00