Commit Graph

14692 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 6b49c9328b Merge pull request #4004 from qasimqlf/master
fix: small updates to selections and conditions
2023-02-04 11:43:19 +01:00
Thomas Patzke ef9d4f702d Merge pull request #3878 from DCSO/rule_test_add_re_escape_tests
Test: Check 're' rules against unwanted/unneeded escapes
2023-02-04 08:59:16 +01:00
Qasim Qlf b40c19cda1 Update rules/windows/process_creation/proc_creation_win_python_pty_spawn.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-04 11:08:46 +05:00
Florian Roth 791d3a8e9a Merge pull request #4006 from SigmaHQ/rule-devel
refactor: AV signature rules updated
2023-02-03 17:13:56 +01:00
Florian Roth 619dada1c8 fix: short identifier that could cause FPs 2023-02-03 15:29:53 +01:00
Florian Roth 2b8b5f62f4 refactor: AV signature rules updated 2023-02-03 15:22:19 +01:00
Qasim Qlf 2519122a13 Update rules/windows/process_creation/proc_creation_win_regedit_import_keys_ads.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:12:36 +05:00
Qasim Qlf 469e2a1368 Update rules/windows/process_creation/proc_creation_win_tool_nircmd.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:02:10 +05:00
Qasim Qlf 119c74941f Update rules/windows/process_creation/proc_creation_win_termserv_proc_spawn.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:01:23 +05:00
Qasim Qlf 78419eb9cc Update rules/windows/process_creation/proc_creation_win_whoami_priv.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:00:51 +05:00
Qasim Qlf 5bd3aba86c Update proc_creation_win_python_pty_spawn.yml 2023-02-03 16:14:20 +05:00
Qasim Qlf 4d571872ec fix: condition 2023-02-03 15:57:29 +05:00
Qasim Qlf c794427246 fix: condition 2023-02-03 15:56:19 +05:00
Qasim Qlf 2d5bd84433 Update proc_creation_win_regedit_import_keys.yml 2023-02-03 15:54:59 +05:00
Qasim Qlf 733293993b fix: condition 2023-02-03 15:53:33 +05:00
Qasim Qlf 71c2be5507 Update proc_creation_win_whoami_priv.yml 2023-02-03 15:33:26 +05:00
Qasim Qlf 5505ff28d9 Update proc_creation_win_tool_nircmd.yml 2023-02-03 14:40:40 +05:00
Qasim Qlf 6279532a13 Update proc_creation_win_termserv_proc_spawn.yml 2023-02-03 14:34:34 +05:00
Qasim Qlf 18c4acce2d update: condition name 2023-02-03 14:34:09 +05:00
Nasreddine Bencherchali 6c153bff3f Merge pull request #3995 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-02 21:40:21 +01:00
Nasreddine Bencherchali 8fc7f741d9 fix: apply escape suggestion
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 21:34:54 +01:00
Nasreddine Bencherchali b80a81aba8 fix: wrong escape
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 20:07:13 +01:00
Nasreddine Bencherchali 307ecf5694 fix: typos in titles and descriptions of rules
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali cbf114c9a8 fix: update wildcard selection 2023-02-02 10:53:59 +01:00
Nasreddine Bencherchali c68531e688 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-02 10:52:04 +01:00
Nasreddine Bencherchali d08acc18ae fix: add missing modified field 2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali 0663b4e3f4 feat: more updates 2023-02-02 00:24:35 +01:00
frack113 fb79c36372 Merge pull request #3989 from D4rkCiph3r/JXA_in-memory
Create proc_creation_macos_jxa_in-memory_execution.yml
2023-02-01 18:46:14 +01:00
frack113 9ad58353a7 Update from review 2023-02-01 18:30:45 +01:00
frack113 c1ef84fd66 Merge remote-tracking branch 'upstream/master' into pr/3989 2023-02-01 18:27:51 +01:00
frack113 3d8b82805c Merge pull request #3992 from D4rkCiph3r/osacompile
Create proc_creation_macos_osacompile_run-only_execution.yml
2023-02-01 18:17:00 +01:00
frack113 f121041cf0 Merge pull request #3991 from D4rkCiph3r/macro-osa
Create proc_creation_macos_macros_execution.yml
2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali 55f16c3f84 fix: update metadata and logic 2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali d8b17f1d9f fix: add ref and update description 2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali 0cddb6194c Merge pull request #3993 from D4rkCiph3r/patch-1
feat: add new extension to osascript rule
2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali 04227055e4 fix: add reference 2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali ac85d5ebff Merge pull request #3997 from nasbench/update-nextron-authors
chore: add nextron authors tag
2023-02-01 17:07:25 +01:00
Nasreddine Bencherchali e7d54529d1 Merge pull request #3998 from phantinuss/master
fix: FPs with IPv6 addresses
2023-02-01 14:38:57 +01:00
Nasreddine Bencherchali 31a5c08480 fix: reduce author set 2023-02-01 14:34:46 +01:00
Nasreddine Bencherchali beebafe9ce fix: special case
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-01 13:22:11 +01:00
phantinuss 08b801aaff fix: FPs with IPv6 addresses 2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
phantinuss f1cbbc4061 Merge pull request #3996 from qasimqlf/master
fix: optimize
2023-02-01 10:21:46 +01:00
Qasim Qlf f7e2fc1682 Update proc_creation_win_vul_java_remote_debugging.yml 2023-02-01 11:02:57 +05:00
frack113 cd58c1baef fix title case 2023-02-01 06:35:26 +01:00
Nasreddine Bencherchali 9c0eae7590 fix: remove kerberos generic filters 2023-01-31 22:18:32 +01:00
Nasreddine Bencherchali 3e24998fe1 feat: add add-appxpackage cmdlet rules 2023-01-31 22:11:32 +01:00
frack113 2b198b7c32 Merge pull request #3971 from frack113/order_rule_folder
Order root rules folder
2023-01-31 21:05:28 +01:00
frack113 00d731bcb5 Merge pull request #3990 from qasimqlf/patch-28
Update proc_creation_win_purplesharp_indicators.yml
2023-01-31 17:49:01 +01:00