Commit Graph

11 Commits

Author SHA1 Message Date
Florian Roth 60b7c0a407 Update proc_creation_win_webshell_spawn.yml 2022-08-19 09:08:31 +02:00
Tim Shelton 8c027a17f2 FP: another false positive on using cmd exec to query service stats.... maybe there's a vuln opportunity here? 2022-08-18 04:51:38 +00:00
Nasreddine Bencherchali b984ee65b3 Update proc_creation_win_webshell_spawn.yml 2022-08-01 23:28:53 +01:00
Nasreddine Bencherchali d13cba8c4b Updates 2022-07-27 23:41:11 +01:00
Tim Shelton fb95703685 False positive when running Manage Engine and elastic 2022-07-25 21:33:39 +00:00
Nasreddine Bencherchali 16b2945027 New Rules + Update 2022-07-14 17:35:50 +01:00
svch0stz 3ec531979a Update proc_creation_win_webshell_spawn.yml
Example pulled from manage engine below:

Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentImage: C:\Program Files\ManageEngine\SupportCenterPlus\jre\bin\java.exe
ParentCommandline: "..\jre\bin\java" -Dcatalina.home=.. -Dserver.home=.. -Dserver.stats=1000  <snip>
2022-05-15 14:57:21 +10:00
phantinuss f1dcaa02f4 fix: single list element 2022-03-21 12:33:55 +01:00
Florian Roth e754849425 fix: missing space 2022-03-18 08:37:09 +01:00
Florian Roth 8250dd73a2 refactor: webshell detection rules 2022-03-17 18:24:15 +01:00
frack113 8bb3379b68 Normalization of rule names 2022-02-22 11:16:31 +01:00