security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,623 Commits 1 Branch 57 Tags
671b60e42ffff3eb56f426a2d53daa67c79b4a5b
Commit Graph

4047 Commits

Author SHA1 Message Date
phantinuss 671b60e42f fix: FP in testing environment 2022-11-24 16:21:28 +01:00
Florian Roth 5542c8c9d9 Merge pull request #3720 from nasbench/nasbench-rule-devel 
feat: general updates and fixes
 2022-11-22 23:25:26 +01:00
phantinuss 62358809a1 fix: FP in testing environment 2022-11-22 16:26:55 +01:00
phantinuss 6ecdd77f6d chore: update submodule cti 2022-11-22 16:21:25 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Nasreddine Bencherchali 89d69de27f fix: rename + update rule 2022-11-21 12:40:54 +01:00
Nasreddine Bencherchali 471d7a8919 fix: rename rule 2022-11-21 12:35:01 +01:00
Nasreddine Bencherchali e22875f3fa fix: update metadata of the rule 2022-11-21 12:34:34 +01:00
Nasreddine Bencherchali 80c60681e4 fix: add missing related field 2022-11-21 12:31:11 +01:00
Nasreddine Bencherchali 8bd85273c1 fix: deprecate f67dbfce-93bc-440d-86ad-a95ae8858c90 2022-11-21 12:31:01 +01:00
Nasreddine Bencherchali 4532c77a4e fix: fix typo in title and add FP comment 2022-11-21 12:27:54 +01:00
Nasreddine Bencherchali 2145eb75f9 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-21 11:23:27 +01:00
Nasreddine Bencherchali 4084bba9d1 feat: add new variations to the rule 2022-11-21 11:23:18 +01:00
Nasreddine Bencherchali e158555dcd Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-11-21 11:22:32 +01:00
Florian Roth 916bee6fce Merge pull request #3715 from nasbench/add-missing-cmd-flags 
feat: add missing cmd flags
 2022-11-19 11:34:44 +01:00
Florian Roth 74e2d1bd3c Merge pull request #3718 from SigmaHQ/rule-devel 
Rule devel
 2022-11-19 11:33:53 +01:00
Florian Roth 66adbb43f7 chore: change modified date 2022-11-19 08:48:43 +01:00
Florian Roth 4e36ec7175 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:58 +01:00
Florian Roth 009ef39ca0 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:50 +01:00
Florian Roth 37f6586987 Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:39 +01:00
Florian Roth 4e27fec49b Update rules/windows/process_creation/proc_creation_win_susp_process_hacker.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-19 08:45:30 +01:00
Nasreddine Bencherchali 6df8df3116 feat: update defender reg tamper rule 2022-11-18 18:11:59 +01:00
Nasreddine Bencherchali 87ff47c074 fix: rename rule to be conform to the title 2022-11-18 17:54:13 +01:00
Nasreddine Bencherchali 16e104952a feat: update nsudo rule 2022-11-18 17:53:16 +01:00
Nasreddine Bencherchali 9b1a6cc7c9 feat: update disable defender rule 2022-11-18 17:53:06 +01:00
Nasreddine Bencherchali 6fe9eff838 feat: add missing /r 2022-11-18 13:46:51 +01:00
Nasreddine Bencherchali 15f3896922 feat: rename rule to fit convention 2022-11-18 13:45:18 +01:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
frack113 59ccb74bc6 Add proc_creation_win_susp_powercfg 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 11:26:04 +01:00
Nasreddine Bencherchali 7804decd2d feat: add more clarification to the test (#3710) 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-18 11:15:50 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
frack113 cd3082c3f2 Add proc_creation_win_susp_msbuild (#3708) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-18 08:29:50 +01:00
sysradwin b851fe17b9 Update proc_creation_win_base64_reflective_assembly_load.yml 2022-11-17 13:03:32 -05:00
Nasreddine Bencherchali 54a94f6f1c fix: add more cases 2022-11-17 10:26:00 +01:00
Nasreddine Bencherchali 061f93364e fix: update invoke-obfuscation rules 2022-11-17 00:25:04 +01:00
Florian Roth 54669f283d Merge branch 'master' into rule-devel 2022-11-16 18:12:30 +01:00
Florian Roth c79f594425 rule: proc hacker, system informer driver load; refactor: imphash casing 2022-11-16 18:12:23 +01:00
Florian Roth 890c2496d1 Merge pull request #3695 from nasbench/add-missing-originalfilename 
feat: add missing `OriginalFileName` field
 2022-11-16 10:44:54 +01:00
Nasreddine Bencherchali 38688b6e68 fix: fix remarks after review 2022-11-15 10:01:11 +01:00
Nasreddine Bencherchali f0f660100a fix: fixed broken condition 2022-11-15 00:02:19 +01:00
Nasreddine Bencherchali 7f736b7443 feat: add missing OriginalFileName field 
First batch
 2022-11-14 23:08:19 +01:00
Florian Roth d8704daf79 fix: change modified date 2022-11-14 17:21:08 +01:00
Florian Roth d43517078b fix: modifier 2022-11-14 17:08:08 +01:00
Florian Roth f0681fc49f add another character 2022-11-14 17:06:20 +01:00
Florian Roth c03944c700 fix: condition 2022-11-14 14:24:00 +01:00
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Florian Roth 91acad69a8 fix: field value 2022-11-12 09:39:25 +01:00
Florian Roth b0d47b303e Merge branch 'master' into aurora-false-positive-fixing 2022-11-12 08:34:48 +01:00
Florian Roth c37e099271 Merge branch 'master' into rule-devel 2022-11-12 08:33:29 +01:00
Florian Roth 951ad8c453 rule: suspicious command line flags 2022-11-12 08:33:21 +01:00