security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,036 Commits 1 Branch 57 Tags
77cd0bf6c0a250877244f7a07e1ad2edc19fa196
Commit Graph

11746 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 77cd0bf6c0 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-15 19:27:57 +01:00
Nasreddine Bencherchali 3ca27207be fix: tune more fp 2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali 83bcab5fd6 chore: increase level of some sideloading rules 2023-03-15 01:10:52 +01:00
Nasreddine Bencherchali 64295b1ed7 fix: remove unnecessary filter 2023-03-15 00:11:35 +01:00
Nasreddine Bencherchali 1d45236bf6 fix: broken condition 2023-03-15 00:06:29 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali 933e99eef8 fix: cicd errors 2023-03-14 23:21:18 +01:00
Nasreddine Bencherchali 90574160ec feat: new rules and update 2023-03-14 20:07:44 +01:00
Nasreddine Bencherchali 37544fd175 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-14 10:51:23 +01:00
Mohamed Ashraf 7d3b540de3 Update rules/windows/image_load/image_load_side_load_wazuh.yml 
update description

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-14 09:59:53 +02:00
Nasreddine Bencherchali adf0ac1718 feat: attrib rules updates 2023-03-14 01:50:30 +01:00
Nasreddine Bencherchali dba3839e23 feat: new rules related to dotnet-dump 2023-03-14 01:43:14 +01:00
Nasreddine Bencherchali 77a825beea fix: improve metadata 2023-03-13 23:37:37 +01:00
Nasreddine Bencherchali 072dc5e982 fix: fp 2023-03-13 14:14:58 +01:00
Mohamed Ashraf (X__Junior) 1a4ad4c67c new rules related to possible dll sideloading 2023-03-13 14:47:52 +02:00
Florian Roth 96347ade8b Merge pull request #4099 from nasbench/nasbench-rule-devel 
feat: update and fixes
 2023-03-13 11:18:19 +01:00
Nasreddine Bencherchali a599e7b4af fix: add missing modified 2023-03-13 10:49:29 +01:00
Nasreddine Bencherchali d7083f6175 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-13 10:48:08 +01:00
Nasreddine Bencherchali 5198cb3824 chore: change state to unsupported 2023-03-13 10:35:44 +01:00
Yamato Security 7c79441245 moved multi-line condition to single line 2023-03-13 13:54:43 +09:00
tuan 2a1124e95e feat: new rules Linux Package Uninstall (#4098) 2023-03-13 00:04:53 +01:00
frack113 61a6ca59b0 feat: new rule amsi.dll load by uncommon process (#4102) 2023-03-12 23:58:51 +01:00
Nasreddine Bencherchali 1a4f76242c Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-12 23:54:40 +01:00
Nasreddine Bencherchali 1743ce90ea fix: add missing modifier 2023-03-11 18:32:33 +01:00
Nasreddine Bencherchali 991c824f9a feat: more updates 2023-03-10 23:32:32 +01:00
Nasreddine Bencherchali c1b2b05cde Update proc_creation_win_apt_apt31_judgement_panda.yml 2023-03-10 16:52:10 +01:00
Nasreddine Bencherchali a8462ec916 feat: more apt rules updates 2023-03-10 16:50:29 +01:00
Zeta 9da9da80d3 Update ATT&CK Techniques and Tactics (#4096) 2023-03-10 01:21:42 +01:00
Nasreddine Bencherchali b36fb603e0 fix: fp found in testing 2023-03-09 22:53:30 +01:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali 3b11cafc57 Merge pull request #4091 from nasbench/nasbench-rule-devel 
feat: update and fixes
 2023-03-07 18:07:57 +01:00
Nasreddine Bencherchali 149256b0b9 fix: add missing modified date 2023-03-07 17:50:14 +01:00
Nasreddine Bencherchali 556e445e22 fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-03-07 17:49:21 +01:00
Nasreddine Bencherchali 7303137b14 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali 2883c2e714 fix: test errors 2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali 1378cf6d75 feat: update cmd based rules 2023-03-07 14:13:57 +01:00
Nasreddine Bencherchali e2d48cf455 chore: rename wscript/cscript only rules 2023-03-06 01:09:29 +01:00
Nasreddine Bencherchali e5c75d3232 fix: shorten filenames 2023-03-06 00:55:03 +01:00
Nasreddine Bencherchali e3503d5d60 feat: more updates 2023-03-06 00:39:26 +01:00
frack113 d8a7228c68 Add MicrosoftRedirectionURL 2023-03-05 15:10:18 +01:00
Nasreddine Bencherchali 4439d85ea5 chore: renames with new sigma convention 2023-03-03 00:21:25 +01:00
Nasreddine Bencherchali eae48afc53 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-01 19:10:50 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 46671f0905 Merge pull request #4085 from markus-nclose/master 
feat: enhance renamed binaries rule with reg.exe
 2023-03-01 14:13:53 +01:00
Nasreddine Bencherchali 8649d31048 fix: update modified field 2023-03-01 13:52:03 +01:00
markus-nclose 5d7fe8823b Add reg.exe 
Reg.exe for Qakbot defense evasion.
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt
xcopy  C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\glanduleHoratory.exe /h /s /e
 2023-03-01 13:27:59 +02:00
Nasreddine Bencherchali 3c425a0b03 Merge branch 'SigmaHQ:master' into master 2023-02-28 21:10:47 +01:00
Nasreddine Bencherchali 1950fd389a fix: rollback previous state of the rule 2023-02-28 21:10:08 +01:00
Nasreddine Bencherchali b584dd198e Merge pull request #4074 from pfpt-dmiller/patch-1 
feat: add new dns rule related to socgholish c2
 2023-02-28 18:28:56 +01:00
Nasreddine Bencherchali f5f6ec3e64 fix: update modifiers 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-28 18:27:41 +01:00