security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,959 Commits 1 Branch 57 Tags
7b64ab552f94de507753860b6ff0268d4a656321
Commit Graph

2542 Commits

Author SHA1 Message Date
Thomas Patzke 01e7675e24 Merge pull request #124 from samsson/patch-1 
ATT&CK tagging
 2018-07-24 07:58:50 +02:00
Thomas Patzke 30d255ab6f Fixed tag 2018-07-24 07:58:25 +02:00
Thomas Patzke baaf8006bc Merge pull request #123 from yt0ng/sysmon 
added additional binaries and attack tactics/techniques
 2018-07-24 07:57:30 +02:00
David Spautz e275d44462 Add tags to windows builtin rules 2018-07-24 07:50:32 +02:00
James Dickenson c4edc26267 windows builtin mitre attack tags 2018-07-23 21:34:20 -07:00
Lurkkeli 1898157df5 ATT&CK tagging 
Added tag for technique t1015
 2018-07-23 23:57:15 +02:00
yt0ng 16160dfc80 added additional binaries and attack tactics/techniques 2018-07-23 15:47:56 +02:00
Florian Roth 1134051fba Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth 03a64cca74 Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR dfb77e936d Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth 0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
Suleyman Ozarslan e6cbc17c12 ATT&CK tagging of Scheduled Task Creation 2018-07-22 15:56:47 +03:00
Suleyman Ozarslan 8d9b12be07 ATT&CK tagging of Default PowerSploit Schtasks Persistence 2018-07-22 15:53:56 +03:00
Suleyman Ozarslan 080892b5ab ATT&CK tagging of MSHTA Spawning Windows Shell 2018-07-20 09:53:55 +03:00
Suleyman Ozarslan 76f277d5fe ATT&CK tagging of Malicious Named Pipe rule 2018-07-20 09:41:54 +03:00
Suleyman Ozarslan 7e74527344 ATT&CK software tag is added to Bitsadmin Download rule 2018-07-20 09:35:35 +03:00
Florian Roth 1e61adfad1 rule: Changed Registry persistence Explorer RUN key rule 2018-07-19 16:27:19 -06:00
Florian Roth 83d6f12ce3 rule: Registry persistence in Explorer RUN key pointing to suspicious folder 2018-07-19 16:27:19 -06:00
Thomas Patzke f98158f5ad Further ATT&CK tagging 2018-07-19 23:36:13 +02:00
Suleyman Ozarslan 05b91847cd ATT&CK tagging of Suspicious Certutil Command rule 2018-07-19 16:42:39 +03:00
Thomas Patzke bdea097b80 ATT&CK tagging 2018-07-17 23:58:11 +02:00
Florian Roth 9e92b97661 Merge pull request #111 from nikseetharaman/cmstp_execution 
Add sysmon_cmstp_execution
 2018-07-17 14:39:56 -06:00
Florian Roth 3f0040b983 Removed duplicate status field 2018-07-16 15:55:31 -06:00
Florian Roth 429474b6d6 Merge pull request #113 from megan201296/patch-9 
fixed typo
 2018-07-16 15:38:52 -06:00
megan201296 02ea2cf923 fixed typo 2018-07-16 16:20:33 -05:00
megan201296 60310e94c6 fixed typo 2018-07-16 16:13:24 -05:00
Nik Seetharaman 3630386230 Add sysmon_cmstp_execution 2018-07-16 02:53:41 +03:00
Florian Roth 7a031709bb Merge pull request #108 from megan201296/patch-5 
fixed typo
 2018-07-14 18:31:40 -06:00
Florian Roth 70ab83eb65 Merge pull request #109 from megan201296/patch-6 
Fixed typo
 2018-07-14 18:31:21 -06:00
megan201296 be7a3b0774 Update sysmon_susp_mmc_source.yml 2018-07-13 18:49:08 -05:00
megan201296 a6455cc612 typo fix 2018-07-13 18:48:36 -05:00
megan201296 8944be1efd Update sysmon_susp_driver_load.yml 2018-07-13 18:36:12 -05:00
megan201296 a169723005 fixed typo 2018-07-13 13:53:21 -05:00
Thomas Patzke 2dc5295abf Removed redundant attribute from rule 2018-07-10 22:50:02 +02:00
Florian Roth 57727d2397 Merge pull request #107 from megan201296/typo-fixes 
Typo fixes
 2018-07-10 10:29:10 -06:00
megan201296 24d2d0b258 Fixed typo 2018-07-10 09:14:37 -05:00
megan201296 d6ea0a49fc Fixed typoes 2018-07-10 09:14:07 -05:00
megan201296 3ec67393cd Fixed typo 2018-07-10 09:13:41 -05:00
megan201296 b0bc3b66ed Fixed typo 2018-07-09 13:32:16 -05:00
megan201296 120479abb7 removed duplicates 2018-07-09 12:32:41 -05:00
megan201296 c4bd267151 Fixed typo 2018-07-09 12:02:42 -05:00
megan201296 a7ccfcb50d Fixed spelling mistake 2018-07-09 09:13:31 -05:00
Florian Roth c8fef4d093 fix: removed unnecessary lists 2018-07-07 15:43:56 -06:00
Florian Roth dea019f89d fix: some threat levels adjusted 2018-07-07 13:00:23 -06:00
yt0ng 6a014a3dc8 MSHTA spwaned by SVCHOST as seen in LethalHTA 
"Furthermore it can be detected by an mshta.exe process spawned by svchost.exe."
 2018-07-06 19:52:58 +02:00
Florian Roth ed470feb21 Merge pull request #99 from yt0ng/master 
Detects ImageLoad by uncommon Image
 2018-07-06 10:11:02 -06:00
yt0ng b21afc3bc8 user subTee was removed from Twitter 2018-07-04 17:29:05 +02:00
yt0ng f84c33d005 Known powershell scripts names for exploitation 
Detects the creation of known powershell scripts for exploitation
 2018-07-04 17:24:18 +02:00
Florian Roth 7867838540 fix: typo in rule description 2018-07-03 05:05:44 -06:00