security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,371 Commits 1 Branch 57 Tags
7b90c00a4520f618eefa2f08247f8c84466f446c
Commit Graph

4701 Commits

Author SHA1 Message Date
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules 
feat: updates and new rules related to fin7
 2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-09 16:04:24 +02:00
Micah Babinski 7906d999ab feat: add new rule for Potential Homoglyph Attack (#4223) 2023-05-09 01:35:52 +02:00
Nasreddine Bencherchali 72d003ea24 feat: update author and selection 2023-05-05 18:25:07 +02:00
Nasreddine Bencherchali 6f659d1c1a fix: fp found in testing 2023-05-05 12:24:54 +02:00
Florian Roth 91956f8058 Merge branch 'master' into rule-devel 2023-05-05 10:10:24 +02:00
Nasreddine Bencherchali 24ed6be065 feat: updates and new rules related to fin7 2023-05-05 01:26:06 +02:00
Nasreddine Bencherchali f25a3c530c Merge pull request #4214 from nasbench/coldsteel-rules 
feat: add new rules related to coldsteel
 2023-05-03 10:16:35 +02:00
kidrek 239afc945d fix: update curl rules flags to use regex (#4213) 2023-05-03 10:16:01 +02:00
phantinuss cb399e4944 fix: typos/wording 2023-05-03 09:01:29 +02:00
Nasreddine Bencherchali 637d610884 chore: move rules to new folders (#4205) 2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali 5e1cf25642 fix: pass tests 2023-05-02 22:45:54 +02:00
Fukusuke Takahashi ef95e5278d fix: delete value-modifier in Search-Identifier (#4210) 2023-04-30 21:54:24 +02:00
phantinuss cf585abe51 feat: new rule for Rubeus in pwsh scriptblock log 2023-04-27 16:39:17 +02:00
phantinuss 648641c381 fix: can be end-of-commandline 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-04-25 11:27:21 +02:00
phantinuss 1c311b1ba9 fix: commandline match was too unspecific 2023-04-25 11:07:41 +02:00
phantinuss 0e7d782776 Merge pull request #4196 from nasbench/nash-rule-dev 
feat: small updates
 2023-04-25 09:04:02 +02:00
Nasreddine Bencherchali 4eb95d28dd feat: small updates 2023-04-24 23:23:38 +02:00
Nasreddine Bencherchali 3170c29e91 fix: merge rules and update detection 2023-04-24 19:24:19 +02:00
Swachchhanda Poudel fc8c66b3a4 Added detection to detect every possible way of execution through rdrleakdiag 2023-04-24 21:05:57 +05:45
phantinuss 465ded22a3 Merge pull request #4190 from swachchhanda000/master 
Added support when flag is called another way while executing xsl…
 2023-04-24 14:05:05 +02:00
phantinuss f26e4c2c62 fix: minor 2023-04-24 09:10:47 +02:00
Nasreddine Bencherchali 1d5bbb76f0 feat: add iwr related rules 2023-04-23 15:42:02 +02:00
Nasreddine Bencherchali 6e515496f7 fix: add modified 2023-04-22 21:25:11 +02:00
0xv1n d80fd4f9b7 typo in wevtutil image name 
small typo fix.
 2023-04-22 15:19:46 -04:00
swachchhanda 558925f7bc Added support for when flag is called another way while executing xsl file from wmic 2023-04-21 18:47:15 +05:45
Nasreddine Bencherchali 53c69e9cc2 chore: move more rules 2023-04-21 15:01:49 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali a066ee9a4d chore: move solarwinds rules 2023-04-21 15:00:38 +02:00
Nasreddine Bencherchali 23a9f98eae chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali 7d3ef2a1d3 chore: move more rules 2023-04-21 15:00:36 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
phantinuss 35b027ee1c Merge pull request #4184 from swachchhanda000/master 
Added new rule that identifies the creation of a scheduled job by usi…
 2023-04-21 13:31:22 +02:00
Nasreddine Bencherchali add0ac0d9f fix: update structure and metadata 2023-04-21 11:38:13 +02:00
Nasreddine Bencherchali 95edf4c9d6 Merge pull request #4177 from pH-T/master 
feat: new hktl related rules and pwsh cmdlet updates
 2023-04-21 11:24:57 +02:00
Nasreddine Bencherchali aa22c02039 chore: order list 2023-04-21 11:14:55 +02:00
Nasreddine Bencherchali cb5d421c4a feat: update pr related hktl rules 2023-04-21 11:06:03 +02:00
swachchhanda 39e39187f2 mend 
Corrected the syntax
 2023-04-20 19:05:19 +05:45
swachchhanda 9504a5a7a7 mend 
removed system_integrity
 2023-04-20 17:31:26 +05:45
swachchhanda b3f97c676d Added new rule that identifies the creation of a scheduled job by using an XML file without the extension of '.xml'. 2023-04-20 17:12:04 +05:45
phantinuss a8a8710dd6 Merge pull request #4148 from swachchhanda000/master 
Added support for another way of  execution of netsh
 2023-04-20 12:30:43 +02:00
phantinuss e640d9efe8 fix: minor 2023-04-20 12:11:22 +02:00
swachchhanda000 6e6b570b45 Merge branch 'SigmaHQ:master' into master 2023-04-20 15:22:22 +05:45
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
phantinuss 689ef52c66 fix: remove leading whitespace 
there can be double quotes which is a common pattern when using the command flag
 2023-04-20 09:47:29 +02:00
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev 
feat: new rules and updates
 2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-19 15:50:29 +02:00
phantinuss c6c226420d Merge pull request #4172 from angelovioletti/master 
Create proc_creation_win_rundll32_ext_drive.yml
 2023-04-19 14:45:24 +02:00