security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,665 Commits 1 Branch 57 Tags
6ad167a4f31e2aeeccf2ef753551f7cbbbf031ac
Commit Graph

3628 Commits

Author SHA1 Message Date
Florian Roth 1fff6c3bb6 Merge branch 'master' into rule-devel 2022-09-06 09:40:07 +02:00
Florian Roth c81f87c333 refactor: renamed sdelete and increased level 2022-09-06 09:39:45 +02:00
Florian Roth ab6e9551d9 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-09-05 23:01:43 +02:00
Florian Roth f188b9abfd fix: FPs with crypto miner cmdlines 2022-09-05 23:01:42 +02:00
Florian Roth cab6ccc18a Merge branch 'master' into aurora-false-positive-fixing 2022-09-05 16:57:10 +02:00
David André 8a595cd3fd Merge branch 'SigmaHQ:master' into add_quotes_to_strings 2022-09-04 10:10:14 +02:00
frack113 92f694a013 Merge pull request #3461 from danielgottt/patch-8 
Create proc_creation_win_ldifde_file_load.yml
 2022-09-04 08:17:43 +02:00
Gott 38d6a52e4d Update proc_creation_win_ldifde_file_load.yml 
Implemented suggestions
 2022-09-03 10:02:51 -04:00
Florian Roth 1af75b397d fix: VSCode file permissions changes 2022-09-03 09:48:36 +02:00
frack113 8162792c11 Merge pull request #3458 from frack113/frp 
Add proc_creation_win_frp
 2022-09-03 08:18:28 +02:00
Gott 7530008f26 Create proc_creation_win_ldifde_file_load.yml 2022-09-02 19:18:52 -04:00
Nasreddine Bencherchali 1adbd8f0b3 Fix after review 2022-09-02 17:44:53 +02:00
frack113 99e3b5d440 Update proc_creation_win_frp.yml 2022-09-02 17:43:19 +02:00
Florian Roth 19d8cdbaed Update proc_creation_win_susp_powershell_download_iex.yml 2022-09-02 17:36:54 +02:00
Florian Roth 168df94b73 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 17:36:10 +02:00
Florian Roth da6ca9ece7 Update proc_creation_win_certutil_ntlm_coercion.yml 2022-09-02 17:27:15 +02:00
Florian Roth b33b2317c8 Update proc_creation_win_frp.yml 2022-09-02 17:22:23 +02:00
Florian Roth 3e1116bbfb Update proc_creation_win_frp.yml 2022-09-02 17:19:27 +02:00
Nasreddine Bencherchali f6026b6972 Update proc_creation_win_susp_schtasks_disable.yml 2022-09-02 14:39:52 +02:00
Nasreddine Bencherchali 927b29e85a Update proc_creation_win_susp_powershell_download_iex.yml 2022-09-02 14:28:47 +02:00
Nasreddine Bencherchali e0a74d6238 Update proc_creation_win_net_default_accounts_manipulation.yml 2022-09-02 14:17:17 +02:00
Nasreddine Bencherchali 884891746b Update proc_creation_win_powershell_amsi_bypass.yml 2022-09-02 12:02:18 +02:00
Nasreddine Bencherchali 37f08c4cbb More updates 2022-09-02 11:52:13 +02:00
frack113 8bb29b0e66 Add proc_creation_win_frp 2022-09-02 10:29:40 +02:00
Nasreddine Bencherchali b02a2ff2dc Update proc_creation_win_net_default_accounts_manipulation.yml 2022-09-02 09:49:14 +02:00
Nasreddine Bencherchali 5f03a73dd2 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 09:33:13 +02:00
Nasreddine Bencherchali ed88295732 Update proc_creation_win_susp_clsid_foldername.yml 2022-09-02 09:28:28 +02:00
Nasreddine Bencherchali d0e7732ddd Update proc_creation_win_susp_openas_rundll_usage.yml 2022-09-02 09:19:25 +02:00
Nasreddine Bencherchali 48c1104b1a New+Update 2022-09-02 09:15:21 +02:00
frack113 fc3c5cf99a Merge pull request #3455 from pH-T/master 
new rule: susp net use combo
 2022-09-02 06:58:32 +02:00
frack113 9a1a87de18 Update proc_creation_win_susp_net_use.yml 2022-09-02 06:42:47 +02:00
frack113 367e2fd0f9 Merge pull request #3450 from nasbench/master 
Updates+New Rules
 2022-09-02 06:39:15 +02:00
David ANDRE 1e791b85c0 Removing dev rule added by mistake 2022-09-01 15:44:16 +02:00
David ANDRE 0b0190ccb1 Added quotes to strings 2022-09-01 15:22:26 +02:00
Paul Hager 6b2f12cbe6 fix: proc_creation_win_susp_net_use status 2022-09-01 15:01:38 +02:00
Paul Hager a428756340 new rule: susp net use combo 2022-09-01 14:38:06 +02:00
Tim Shelton 1bb172e4ae False positive when commandline is only cmd.exe /c 2022-08-31 19:38:25 +00:00
Florian Roth 6e1c647019 Merge branch 'master' into aurora-false-positive-fixing 2022-08-31 13:55:52 +02:00
Florian Roth 65c6f82169 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-08-31 13:55:46 +02:00
Florian Roth 893fc6c15d fix: FP with controller config 2022-08-31 13:55:43 +02:00
Nasreddine Bencherchali 783fd8b160 Create proc_creation_win_susp_schtasks_schedule_type.yml 2022-08-31 10:08:31 +02:00
Nasreddine Bencherchali ea183cae13 Updates+New Rules 2022-08-31 09:39:16 +02:00
Florian Roth 35d9e5f36a fix: syntax error, docs: change fp text 2022-08-30 11:29:11 +02:00
Florian Roth b5c57e97fc Merge branch 'master' into rule-devel 2022-08-30 09:14:37 +02:00
Florian Roth 52c5851ef6 rules: wmic extended, defendercheck, sharpldapwhoami 2022-08-30 09:13:25 +02:00
frack113 f9b79161a5 Merge pull request #3444 from danielgottt/patch-7 
Create proc_creation_win_deviceenroller_evasion.yml
 2022-08-30 08:24:24 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
Gott 8809fc6a8e Update proc_creation_win_deviceenroller_evasion.yml 
Made corrections frack presented
 2022-08-29 15:23:17 -04:00
Wagga 691aae2638 Update proc_creation_win_ntfs_short_name_path_use_image.yml 2022-08-29 20:13:14 +02:00
Wagga 8a9d63bba1 Update proc_creation_win_wmic_remote_service.yml 2022-08-29 18:50:04 +02:00