Commit Graph

190 Commits

Author SHA1 Message Date
yugoslavskiy a028cdf1ee Update powershell_shellcode_b64.yml 2020-12-01 02:24:35 +01:00
yugoslavskiy 7309fb7d0e Update powershell_winlogon_helper_dll.yml 2020-12-01 02:23:02 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 2e5e4a20d2 Update powershell_clear_powershell_history.yml 2020-11-28 09:26:18 +01:00
Jonhnathan 784cab1dfe Fix missing logic and Field 2020-11-26 22:46:17 -03:00
Jonhnathan 728276ef13 Improve Logic 2020-11-20 01:22:20 -03:00
Jonhnathan ee43919eec Change detection logic 2020-11-20 01:05:06 -03:00
Jonhnathan fc6c727c70 Update powershell_malicious_commandlets.yml 2020-10-15 20:59:27 -03:00
Jonhnathan ce4e22750d Update powershell_winlogon_helper_dll.yml 2020-10-15 17:15:23 -03:00
Jonhnathan efe9c2d3d6 Update powershell_shellcode_b64.yml 2020-10-15 17:14:01 -03:00
Jonhnathan 013533fceb Update powershell_prompt_credentials.yml 2020-10-15 17:13:16 -03:00
Jonhnathan 8cf2596068 Update powershell_malicious_keywords.yml 2020-10-15 17:12:08 -03:00
Jonhnathan ec10d5a61f Update powershell_malicious_commandlets.yml 2020-10-15 17:11:20 -03:00
Jonhnathan 4a3607d50b Update powershell_exe_calling_ps.yml 2020-10-15 17:09:47 -03:00
Thomas Patzke 6cc33e5989 Merge pull request #1060 from svch0stz/oscd6 ([OSCD] Created powershell_suspicious_mounted_share_deletion.yml) 2020-10-13 22:59:25 +02:00
Thomas Patzke 08eec2b6e6 Merge pull request #1094 from NikitaStormwind/Regular30 ([OSCD] Detects Obfuscated Powershell via use Rundll32 in Scripts #30 (4104, 4103)) 2020-10-13 21:43:16 +02:00
Thomas Patzke 5f4d60951d Merge pull request #1112 from NikitaStormwind/regular29(1) ([OSCD] Detects Obfuscated Powershell via use Clip.exe in Scripts #29 (4104, 4103)) 2020-10-13 21:34:38 +02:00
Thomas Patzke 7e8930f15e Merge pull request #1142 from NikitaStormwind/regular28(1) ([OSCD] Detects Obfuscated Powershell via Stdin in Scripts #28 (4104, 4103)) 2020-10-13 11:38:26 +02:00
Thomas Patzke 0c77edb859 Merge pull request #1120 from bczyz1/oscd ([OSCD] Create powershell_icmp_exfiltration.yml) 2020-10-13 11:37:40 +02:00
Timur Zinniatullin d1ef56bddb @aw350m3 style compliance (: 2020-10-13 02:47:09 +03:00
Timur Zinniatullin 870574b635 Add powershell_invoke_obfuscation_via_var++.yml 2020-10-13 02:19:57 +03:00
Thomas Patzke cb86c509f1 Merge pull request #1129 from bczyz1/oscd-sprint-2-keylogging ([OSCD] Modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature) 2020-10-13 00:58:24 +02:00
Thomas Patzke eaa9f293e7 Merge pull request #1125 from vburov/patch-12 ([OSCD] Create powershell_cmdline_reversed_strings) 2020-10-13 00:57:22 +02:00
Thomas Patzke 5664f72a2a Merge pull request #1054 from NikitaStormwind/task#70 ([OSCD] Detecting Code injection with PowerShell in another process #70) 2020-10-13 00:47:13 +02:00
Nikita P. Nazarov c5efbc8345 Detects Obfuscated Powershell via Stdin in Scripts 2020-10-12 18:47:51 +03:00
Bartlomiej Czyz e90f91b89e append authors of the update 2020-10-11 23:42:33 +02:00
Bartlomiej Czyz b6876e5123 remove redundant reference 2020-10-11 23:35:17 +02:00
Vasiliy Burov 1320e0b733 Update powershell_cmdline_reversed_strings.yml 2020-10-11 23:40:12 +03:00
Bartlomiej Czyz 94efeda45d modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature 2020-10-11 19:11:54 +02:00
Vasiliy Burov 64b07ff51a Update powershell_cmdline_reversed_strings.yml 2020-10-11 19:42:39 +03:00
Vasiliy Burov c868ef655c Update powershell_cmdline_reversed_strings.yml 2020-10-11 17:37:07 +03:00
Vasiliy Burov 7aaf4654cd Rename powershell_cmdline_reversed_strings to powershell_cmdline_reversed_strings.yml 2020-10-11 17:28:56 +03:00
Vasiliy Burov 00f5d1ec92 Update powershell_cmdline_reversed_strings 2020-10-11 17:24:46 +03:00
Vasiliy Burov 51f00c153c Update powershell_cmdline_reversed_strings 2020-10-11 17:18:15 +03:00
Vasiliy Burov dd9c29377b Update powershell_cmdline_reversed_strings 2020-10-11 17:11:58 +03:00
Vasiliy Burov 8f2ddc632e Create powershell_cmdline_reversed_strings 2020-10-11 17:02:02 +03:00
Bartlomiej Czyz a5dea8c596 [OSCD] Fix powershell_icmp_exfiltration.yml references, add newline at the end of the file #1013 2020-10-10 23:08:39 +02:00
Bartlomiej Czyz 6dcd4a6c6d [OSCD] Create powershell_icmp_exfiltration.yml #1013 2020-10-10 23:05:31 +02:00
Nikita P. Nazarov 414c98e7ba Detects Obfuscated Powershell via use Clip.exe in Scripts 2020-10-09 19:37:07 +03:00
Nikita Nazarov 31095033ab Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-09 16:25:59 +03:00
Nikita Nazarov 80a3a6c048 Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:52:01 +03:00
Nikita Nazarov b4377ed632 Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:45:07 +03:00
Nikita Nazarov 3ba4eeac7b Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:36:20 +03:00
Nikita P. Nazarov 2db2ab30c4 Detects Obfuscated Powershell via use Rundll32 in Scripts 2020-10-08 17:08:43 +03:00
Nikita Nazarov d3f0ddd2b1 Update powershell_code_injection.yml 2020-10-07 14:50:00 +03:00
Nikita Nazarov bfa3635cd2 Update powershell_accessing_win_api.yml 2020-10-07 14:47:29 +03:00
svch0stz 0fe1850bf4 Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:54:48 +11:00
svch0stz a7442328eb Create powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:44:05 +11:00
svch0stz 3dafef411f Delete powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:42:25 +11:00
svch0stz 5c2ef0dd35 Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:33:12 +11:00