blue-team-tools

Author	SHA1	Message	Date
Florian Roth	86c1b4ae4b	rule: hwp exploits	2019-10-24 11:46:56 +02:00
4A616D6573	fdbdca003b	Create win_powershell_web_request.yml Broader rule for detecting web requests via various methods using Windows PowerShell, slightly crosses over the below rules but caters for different methods: https://github.com/Neo23x0/sigma/blob/99b15edf8add183543ca5738ec93f87416c34bd9/rules/windows/process_creation/win_powershell_download.yml https://github.com/Neo23x0/sigma/blob/0fa914139ca85966b49f0a8eda40a3f26608e86b/rules/windows/powershell/powershell_suspicious_download.yml	2019-10-24 11:57:37 +11:00
Yugoslavskiy Daniil	7cfd47be7c	add win_scm_database_handle_failure.yml, win_scm_database_privileged_operation.yml, win_syskey_registry_access.yml	2019-10-24 02:40:11 +02:00
alexpetrov12	cc998aa667	fix	2019-10-24 00:48:43 +03:00
alexpetrov12	f1ccf296f4	fix	2019-10-24 00:40:58 +03:00
mrblacyk	499627edf3	File permissions modification (T1222)	2019-10-23 11:24:13 -07:00
mrblacyk	4979b56296	Domain Trust Discovery rule (T1482)	2019-10-23 11:23:12 -07:00
mrblacyk	c2d906c15f	DD overwrite with zero/null (T1485)	2019-10-23 11:22:33 -07:00
mrblacyk	262514c782	Windows Service stop rule (T1489)	2019-10-23 11:22:09 -07:00
mrblacyk	5ae267e326	Linux systemd reload or start rule (T1501)	2019-10-23 11:21:19 -07:00
alexpetrov12	d3715a508b	fix	2019-10-23 18:15:46 +03:00
alexpetrov12	4c84412944	added new rule silenttrinity_stage_ use, sysmon_mimikatz_сreds_dump, sysmon_registry_persistence_key_linking, sysmon_сreds_dump	2019-10-23 18:08:30 +03:00
alexpetrov12	bc943343df	update win_sysmon_driver_unload	2019-10-23 15:41:14 +03:00
alexpetrov12	215e500894	fix	2019-10-23 14:43:01 +03:00
alexpetrov12	193c95a11a	add new rule1	2019-10-23 14:27:52 +03:00
root	edcbc49ce8	add rule win_susp_open with_execution.yml win_susp_devt oolslauncher_execution.yml	2019-10-23 13:00:21 +02:00
alexpetrov12	043e3f7ca6	fix	2019-10-23 13:48:44 +03:00
alexpetrov12	e38540a37f	fix	2019-10-23 13:28:04 +03:00
alexpetrov12	c1cfbacd24	fix	2019-10-23 13:18:57 +03:00
alexpetrov12	ad9b98541c	fix	2019-10-23 13:05:38 +03:00
alexpetrov12	fa4a8c974d	fix	2019-10-23 12:45:06 +03:00
alexpetrov12	f4ea01217e	fix	2019-10-23 02:47:04 +03:00
alexpetrov12	ebe4fe0377	fix	2019-10-23 02:42:37 +03:00
alexpetrov12	29cd7fed3e	fix	2019-10-23 02:39:40 +03:00
alexpetrov12	5a260db459	fix	2019-10-23 02:27:14 +03:00
alexpetrov12	6c4f4ce309	fix	2019-10-23 02:25:04 +03:00
alexpetrov12	8d0c89b598	added new rules add rule MiniDumpWriteDump via COM+, renamed_binary_description, cobalt_execute_assembly, win_sysmon_driver_onload	2019-10-23 01:55:03 +03:00
Florian Roth	3d4ce9d175	rule: another reference link for 'execution by ordinal'	2019-10-22 15:18:19 +02:00
zinint	49f9b797a7	Update sysmon_xsl_script_processing.yml	2019-10-22 15:20:15 +03:00
zinint	a8bd2c8e78	Update win_data_compressed.yml	2019-10-22 14:57:53 +03:00
zinint	74d1fef8b8	Update win_data_compressed.yml	2019-10-22 14:53:43 +03:00
zinint	cc6d4b05ac	OSCD Task 7 : ART T1002 Exfiltration With Rar OSCD Task 7 : ART T1002 Compress Data for Exfiltration With Rar	2019-10-22 14:00:52 +03:00
Florian Roth	b3654947bc	rule: suspicious call by ordinal (rundll32)	2019-10-22 12:40:26 +02:00
Florian Roth	0f02f2bdfc	rule: adjusted very noisy rule on AppLocker whitelist bypass	2019-10-22 12:32:37 +02:00
root	00a757959e	add rule win_susp_capture_screenshots.yml	2019-10-22 06:06:07 +02:00
root	2bd9d8a9d8	add rule sysmon_webshell_creation_detect.yml	2019-10-22 05:56:37 +02:00
root	fb53855ae5	add rule sysmon_webshell_creation_detect.yml	2019-10-22 05:50:49 +02:00
zinint	daf1034621	Update win_possible_applocker_bypass.yml	2019-10-22 00:54:29 +03:00
zinint	789782ef59	Update sysmon_xsl_script_processing.yml	2019-10-22 00:08:46 +03:00
zinint	56f807cb44	Update sysmon_xsl_script_processing.yml	2019-10-22 00:06:54 +03:00
zinint	0d8eff0d86	Update sysmon_xsl_script_processing.yml	2019-10-22 00:06:10 +03:00
zinint	a1d72f20c8	Update sysmon_xsl_script_processing.yml	2019-10-21 23:51:39 +03:00
zinint	5248f83fb3	Update sysmon_xsl_script_processing.yml	2019-10-21 23:46:11 +03:00
zinint	a685c9c3be	Update sysmon_xsl_script_processing.yml	2019-10-21 23:39:33 +03:00
zinint	784d7138ca	OSCD Task 7 ART T1220 OSCD Task 7 ART T1220 rule add	2019-10-21 22:22:55 +03:00
Florian Roth	4e7ad5c948	rule: added date to crypto miner rule	2019-10-21 13:24:33 +02:00
Florian Roth	e8963b2599	rule: crypto miner user agents in proxy logs	2019-10-21 13:21:50 +02:00
Florian Roth	c8b5b91815	Merge pull request #471 from a2tf/rule_change_proxy_uri_to_url rule: changed two proxy rules from uri-query to url	2019-10-21 12:52:36 +02:00
root	e47caf4749	add rule lnx_auditd_web_rce.yml	2019-10-21 11:54:21 +02:00
root	a499141483	modified rule lnx_auditd_web_rce.yml	2019-10-21 11:28:59 +02:00

... 25 26 27 28 29 ...

2542 Commits