security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,254 Commits 1 Branch 57 Tags
7abceb07cedf9d79ef35f2ea97ea9d437a2c7c39
Commit Graph

129 Commits

Author SHA1 Message Date
frack113 abcaf00aee Merge pull request #1818 from frack113/split_1802_net 
Correct lists with only 1 value
 2021-08-13 10:17:24 +02:00
Florian Roth 852d7a8b22 fix: typo in description 2021-08-12 10:11:17 +02:00
Florian Roth a9ad4eda4a rules: ProxyShell refactoring and new rule 2021-08-09 17:57:34 +02:00
frack113 fc64b8b937 Split PR 1802 fix net rules 2021-08-09 17:23:15 +02:00
Florian Roth af1e43f3c1 more generic 2021-08-08 23:05:56 +02:00
Florian Roth a80f9f280c refactor: feedback from Rich Warren 2021-08-08 23:05:23 +02:00
Florian Roth 5443298092 rule: ProxyShell improved 2021-08-08 18:52:49 +02:00
Florian Roth 0a8904a61e fix: issues with new rule 2021-08-07 10:10:12 +02:00
Florian Roth 1ac49a2055 rule: ProxyShell patterns 2021-08-07 09:22:24 +02:00
G Y 544ec5861b Update web_nginx_core_dump.yml 
Fixed typo in description field.
 2021-07-03 10:39:37 +08:00
Florian Roth f438039af9 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Sittikorn S c9ce298b2e Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 
remove http response
 2021-06-29 17:49:01 +07:00
Sittikorn S 14d1c68cc8 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 15:19:22 +07:00
Sittikorn S 67f483e6a9 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 14:17:27 +07:00
Sittikorn S c446c519cf Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:59:08 +07:00
Sittikorn S f3c1d78615 Create web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:56:30 +07:00
Florian Roth ab73dd4dd6 rule: nginx core dump 2021-05-31 10:49:42 +02:00
Florian Roth 02323043d7 Create web_cve_2021_26814_wzuh_rce.yml 2021-05-22 15:45:38 +02:00
Florian Roth 3cf1be9e8d rule: exchange vulnerability CVE-2021-28480 2021-05-14 10:08:41 +02:00
Josh Brower af09dd8e3c Clean up: Webshell ReGeorg Detection 2021-04-05 13:01:10 -04:00
Florian Roth 428db0c74a Merge pull request #1382 from d4rk-d4nph3/master 
Added rule for CVE-2021-21978 in VMware View Planner
 2021-03-29 11:22:56 +02:00
Bhabesh Rai a58c5ed7cc Added rule for CVE-2021-21978 in VMware View Planner 2021-03-10 18:05:15 +05:45
Florian Roth dca5c870d7 Merge pull request #1374 from hieuttmmo/master 
Detect HAFNIUM operations
 2021-03-09 09:16:52 +01:00
Florian Roth 62b65a3578 Merge pull request #1375 from SigmaHQ/rule-devel 
fix: description
 2021-03-04 17:35:53 +01:00
Florian Roth bea2f226c6 fix: description 2021-03-04 17:35:25 +01:00
Tran Trung Hieu 5f74a58081 Detect HAFNIUM operations 2021-03-04 00:01:54 +07:00
Florian Roth 9e921115bc Merge pull request #1373 from SigmaHQ/rule-devel 
HAFNIUM rule
 2021-03-03 10:34:08 +01:00
Florian Roth d8ded5ebdc refactor: changed symbols after feedback from Volexity 2021-03-03 10:15:45 +01:00
Florian Roth e17986ebd3 rule: HAFNIUM Exchange exploitation 2021-03-03 09:58:43 +01:00
Florian Roth 73a3a1e5cd Merge pull request #1360 from d4rk-d4nph3/master 
Added sigma rule for vSphere RCE CVE-2021-21972
 2021-03-03 09:32:05 +01:00
Florian Roth 8c95f90075 Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Florian Roth 96803a5a27 Merge pull request #1355 from Neo23x0/rule-devel 
Rule devel
 2021-02-22 17:46:21 +01:00
Florian Roth aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth 43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth f62fc2e889 Merge pull request #1341 from d4rk-d4nph3/master 
Added rule for TerraMaster TOS CVE-2020-28188
 2021-02-18 11:17:48 +01:00
Bhabesh Rai a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth 6b9eef58da Merge pull request #1338 from Neo23x0/rule-devel 
Improved UNC2452 activity rules
 2021-01-25 14:36:44 +01:00
Florian Roth a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Bhabesh Rai 465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Bhabesh Rai dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Florian Roth 30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
Florian Roth 0a83f91386 Merge pull request #1321 from d4rk-d4nph3/master 
Fixed typo in file format
 2020-12-28 09:13:48 +01:00
Bhabesh Rai bf77c8266a Fixed typo in file format 2020-12-28 11:46:02 +05:45
Florian Roth 896fc21911 Merge pull request #1320 from d4rk-d4nph3/master 
Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass
 2020-12-27 20:37:36 +01:00
Florian Roth a6212a4490 style: some minor style changes 2020-12-27 20:06:19 +01:00
Bhabesh Rai 1cfad987b0 Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass 2020-12-27 17:34:49 +05:45
Florian Roth 821af35557 Merge pull request #1313 from Neo23x0/rule-devel 
Rule devel
 2020-12-23 13:57:11 +01:00
Florian Roth e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00