Commit Graph

164 Commits

Author SHA1 Message Date
Wagga a693e181ff Update registry_set_disable_uac_registry.yml 2022-08-29 20:12:10 +02:00
Wagga 277032b460 Update registry_set_mpnotify_persistence.yml 2022-08-29 20:11:29 +02:00
Wagga 63ea4d7fb6 Update registry_set_fax_dll_persistance.yml 2022-08-29 20:10:25 +02:00
Wagga ec268e0983 Update registry_set_persistence_autodial_dll.yml 2022-08-29 07:48:27 +02:00
Florian Roth d452591331 Update registry_set_treatas_persistence.yml 2022-08-28 11:42:08 +02:00
Florian Roth 155c829d39 Update registry_set_treatas_persistence.yml 2022-08-28 11:41:56 +02:00
frack113 b9a2c720a8 Redcannary 20220828 2022-08-28 11:16:24 +02:00
Nasreddine Bencherchali fcd9236bae Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-08-26 19:02:04 +01:00
phantinuss e80116e704 fix: FPs found in testing environment 2022-08-26 17:29:49 +02:00
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
Florian Roth 0b0dc5a65e Merge pull request #3429 from frack113/clean_reg
registry_event Clean up
2022-08-25 08:39:37 +02:00
frack113 f324148291 Merge pull request #3424 from nasbench/nasbench-rule-devel
Rule Dev - Update + New Rules
2022-08-24 19:59:08 +02:00
frack113 583155df30 Order 2022-08-24 18:42:56 +02:00
Nasreddine Bencherchali 9f02e37dfa Update 2022-08-24 12:23:00 +01:00
phantinuss 706a4bd0fa fix: many FPs in testing environment 2022-08-24 10:09:48 +02:00
Nasreddine Bencherchali 781c69e04c Fix FP 2022-08-24 01:17:53 +01:00
Nasreddine Bencherchali 920c196f5b Update registry_set_new_network_provider.yml 2022-08-24 01:10:37 +01:00
Nasreddine Bencherchali f9c39c3c1e Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-08-24 01:06:02 +01:00
Nasreddine Bencherchali 88295a305c Rule Dev 2022-08-24 01:05:40 +01:00
frack113 2a55d4fcee Clean up 2022-08-23 19:43:38 +02:00
phantinuss e9ecf8d83d fix: remove space from copy paste 2022-08-23 16:02:51 +02:00
phantinuss e2cbcd3199 fix: FP with AVG 2022-08-23 14:26:45 +02:00
Florian Roth 848185cec1 fix: FPs with CurrentVersion reg set rule 2022-08-23 12:57:36 +02:00
Nasreddine Bencherchali ae9785eb47 TypedPaths 2022-08-22 20:04:43 +01:00
Florian Roth a4656f9cb7 Merge pull request #3408 from frack113/redcannary_20220820
Redcannary 20220820
2022-08-21 09:30:13 +02:00
frack113 42d49d7275 Update registry_set_add_hidden_user.yml 2022-08-21 08:28:16 +02:00
frack113 57e131fe4e Update registry_set_add_hidden_user.yml 2022-08-21 07:39:17 +02:00
frack113 9f89d4c8c7 Redcannary 20220820 2022-08-20 17:12:31 +02:00
frack113 8333671025 Fix test error 2022-08-20 12:07:01 +02:00
frack113 bda5a032c8 update 20220820 2022-08-20 11:56:18 +02:00
frack113 f88d2befa7 Update ref 2022-08-19 17:20:34 +02:00
frack113 0938659f94 Redcannary test 2022-08-19 14:06:08 +02:00
phantinuss a75e9a41a2 fix: FP with office click to run 2022-08-11 09:53:25 +02:00
frack113 1a57509e85 Merge pull request #3346 from nasbench/nasbench-rule-devel
Updates + New Rules
2022-08-11 06:26:57 +02:00
Nasreddine Bencherchali 3201b68004 Final update 2022-08-10 18:33:17 +01:00
phantinuss 6d1dad51fe fix: typo in filter name 2022-08-10 18:09:55 +02:00
phantinuss b0f07faa85 fix: FP with poqexec.exe 2022-08-10 17:28:03 +02:00
phantinuss 7b9cd0e74c fix: remove TargetObject restriction bc of too many FPs 2022-08-10 17:28:02 +02:00
Nasreddine Bencherchali b5c15c5137 More additions and updates 2022-08-10 12:52:49 +01:00
Nasreddine Bencherchali b905df6bc7 Updates + New Rules 2022-08-09 18:35:45 +01:00
phantinuss bfeb23e622 fix: FP found in testing 2022-08-09 17:53:48 +02:00
frack113 dcfc0b4095 Merge pull request #3336 from frack113/DbgManagedDebugger
Add registry_set_dbgmanageddebugger_persistence.yml
2022-08-08 18:49:47 +02:00
phantinuss eaa0f339ac fix: remove TargetObject, too many occurrences in testing 2022-08-08 13:57:32 +02:00
frack113 39fa020092 Add registry_set_dbgmanageddebugger_persistence.yml 2022-08-07 10:30:30 +02:00
Nasreddine Bencherchali b4472132a4 Fix after review 2022-08-05 18:40:12 +01:00
Nasreddine Bencherchali 95e0e51e11 Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:22:23 +01:00
Nasreddine Bencherchali dfb725171a Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:14:19 +01:00
Nasreddine Bencherchali 01c1472897 Update registry_set_exploit_guard_susp_allowed_apps.yml 2022-08-05 17:13:15 +01:00
Nasreddine Bencherchali f704feaf69 New Rules 2022-08-05 17:11:42 +01:00
Nasreddine Bencherchali 9ef9103368 Update PowerShell + other rules 2022-08-05 17:10:41 +01:00