security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,516 Commits 1 Branch 57 Tags
6d8a4571cdeb16e8f84211bc3a77e5d115659129
Commit Graph

3992 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 6d8a4571cd fix: add missing - in selection 2022-11-10 18:29:15 +01:00
Nasreddine Bencherchali ddf7f1b345 fix: fix duplicates in id field 2022-11-10 17:25:55 +01:00
Nasreddine Bencherchali 14d13ef9ac fix: rename ftp.exe rule to lolbin rule 2022-11-10 17:06:28 +01:00
Nasreddine Bencherchali c102b26bcf feat: new sftp lolbin rule 2022-11-10 17:05:18 +01:00
Nasreddine Bencherchali ee5a8733dd fix: update ftp.exe rules 2022-11-10 17:05:05 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Nasreddine Bencherchali a2fc57fa52 fix: update rule to move takeown 2022-11-10 17:04:02 +01:00
Nasreddine Bencherchali fb957e2897 fix: add missing quotes and OriginalFileName field 2022-11-10 17:03:31 +01:00
Nasreddine Bencherchali 649bbc86ec fix: renamed and updated the "sc query" rule 2022-11-10 17:03:01 +01:00
Nasreddine Bencherchali c9e755acbf fix: add missing quotes and additional metadata 2022-11-10 17:02:29 +01:00
Florian Roth 99d8c96ccd Merge pull request #3688 from SigmaHQ/rule-devel 
rule: vuln Lenovo driver load, fix: Dell driver load condition, rule: Sysmon parent proc
 2022-11-10 16:34:21 +01:00
Florian Roth 3278292559 fix: FPs 2022-11-10 15:01:09 +01:00
Florian Roth 254766170f docs: update description and tags 2022-11-10 14:57:26 +01:00
Florian Roth 19fbbf8265 rule: Sysmon as parent 2022-11-10 14:52:31 +01:00
phantinuss 4e60b8abf0 Merge pull request #3686 from qasimqlf/patch-11 
Minor Fix
 2022-11-10 11:54:23 +01:00
Qasim Qlf 097e673df8 Minor Fix 2022-11-10 12:41:43 +05:00
Qasim Qlf 52daec4489 Minor Fix 2022-11-10 12:40:13 +05:00
Florian Roth 9e68c45df0 Merge pull request #3684 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-09 20:04:15 +01:00
Florian Roth 2f4eed2fe4 no need to update the modified date here 2022-11-09 18:33:13 +01:00
phantinuss 9136963672 fix: filter empty ParentImage which might happen as a race condition on startup 2022-11-09 16:45:00 +01:00
Nasreddine Bencherchali 39d66b4e94 Merge branch 'master' into nasbench-rule-devel 2022-11-09 16:14:38 +01:00
Nasreddine Bencherchali 5a70e402b3 Update rules 2022-11-09 16:13:17 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel 
rule: KDC RC4-HMAC downgrade CVE-2022-37966
 2022-11-09 10:19:04 +01:00
Florian Roth c9fe367eae rule: amsi bypass 2022-11-09 09:44:31 +01:00
Ilya_Krestinichev ffb726b6df Create proc_creation_win_susp_ping_del.yml (#3671) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-09 09:42:33 +01:00
Nasreddine Bencherchali f7c1d9fe9d Update proc_creation_win_weak_or_abused_passwords.yml 2022-11-08 14:52:42 +01:00
Nasreddine Bencherchali 33bd200a89 Fix FP 2022-11-08 12:32:44 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
Florian Roth 7a36b5b0b0 Merge pull request #3680 from SigmaHQ/aurora-false-positive-fixing 
fix: dysfunctional rules
 2022-11-07 19:29:16 +01:00
Florian Roth 0d86ec83b5 fix: calc rule logic 2022-11-07 15:31:38 +01:00
Florian Roth 74834a6db0 fix: FPs with mshta execution 2022-11-07 15:22:21 +01:00
Nasreddine Bencherchali fc8eeb7b1e Fix FP 2022-11-07 12:11:30 +01:00
Nasreddine Bencherchali 841b311dd0 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-07 11:57:18 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Nasreddine Bencherchali 753772a177 Rename+Metadata Update 2022-11-04 11:59:11 +01:00
Nasreddine Bencherchali 117d400c49 Deprecate 82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719 2022-11-03 13:42:45 +01:00
Nasreddine Bencherchali d86c05643b Deprecate dca91cfd-d7ab-4c66-8da7-ee57d487b35b 2022-11-03 13:41:40 +01:00
Nasreddine Bencherchali 3b4f41d588 Update proc_creation_win_susp_run_folder.yml 2022-11-03 11:16:03 +01:00
Florian Roth 1d37ec5f74 Merge pull request #3667 from nasbench/kes-rules 
KES Rule
 2022-11-02 08:17:47 +01:00
Nasreddine Bencherchali e423c92d3f Update proc_creation_win_lolbin_kavremover.yml 2022-11-01 19:01:40 +01:00
Florian Roth 5e9083261a Merge pull request #3665 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-01 18:57:31 +01:00
phantinuss c8a4638c15 Merge pull request #3663 from SigmaHQ/aurora-false-positive-fixing 
Aurora false positive fixing
 2022-11-01 16:23:48 +01:00
Florian Roth b00966d79d fix: dysfunctional renamed adfind rule 2022-11-01 14:58:02 +01:00
Nasreddine Bencherchali 0fbbd96c41 Create proc_creation_win_lolbin_kavremover.yml 2022-11-01 11:23:57 +01:00
Nasreddine Bencherchali 7dbc88385c Update rules/windows/process_creation/proc_creation_win_susp_regsvr32_image.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-01 10:31:50 +01:00
Nasreddine Bencherchali 137608773b Update proc_creation_win_susp_guid_task_name.yml 2022-11-01 10:22:26 +01:00
Florian Roth d209219192 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 09:55:44 +01:00
phantinuss efbe16afe3 fix: use all filter selections 2022-11-01 09:08:25 +01:00