Commit Graph

517 Commits

Author SHA1 Message Date
Jonhnathan 1cd56f5dae Update win_vul_cve_2020_0688.yml 2020-10-15 15:56:36 -03:00
Jonhnathan ef3af551e9 Update win_user_driver_loaded.yml 2020-10-15 15:56:16 -03:00
Jonhnathan 4e70b2d797 Update win_user_added_to_local_administrators.yml 2020-10-15 15:55:21 -03:00
Jonhnathan c0892c63c8 Update win_svcctl_remote_service.yml 2020-10-15 15:54:47 -03:00
Jonhnathan d96bd0d9f3 Update win_susp_wmi_login.yml 2020-10-15 15:54:21 -03:00
Jonhnathan 496cfcb26a Update win_susp_sdelete.yml 2020-10-15 15:53:51 -03:00
Jonhnathan 600c7057b1 Update win_susp_sam_dump.yml 2020-10-15 15:53:26 -03:00
Jonhnathan 754e67c0d9 Update win_susp_rc4_kerberos.yml 2020-10-15 15:52:48 -03:00
Jonhnathan 43a56b6759 Update win_susp_raccess_sensitive_fext.yml 2020-10-15 15:51:57 -03:00
Jonhnathan 054255fb17 Update win_susp_psexec.yml 2020-10-15 15:51:16 -03:00
Jonhnathan dae1f3fa71 Update win_susp_ntlm_rdp.yml 2020-10-15 15:50:44 -03:00
Jonhnathan 9b8817f489 Update win_susp_msmpeng_crash.yml 2020-10-15 15:50:01 -03:00
Jonhnathan c310d72e2b Update win_susp_mshta_execution.yml 2020-10-15 15:49:39 -03:00
Jonhnathan 7419396351 Update win_susp_mshta_execution.yml 2020-10-15 15:49:26 -03:00
Jonhnathan 1eb0ccbf14 Update win_susp_local_anon_logon_created.yml 2020-10-15 15:48:36 -03:00
Jonhnathan e089118718 Update win_possible_dc_shadow.yml 2020-10-15 15:45:55 -03:00
Jonhnathan 6961ee4986 Update win_net_ntlm_downgrade.yml 2020-10-15 15:44:24 -03:00
Jonhnathan 8261737728 Update win_mmc20_lateral_movement.yml 2020-10-15 15:42:07 -03:00
Jonhnathan 8f3542a73e Update win_mal_wceaux_dll.yml 2020-10-15 15:41:13 -03:00
Jonhnathan 9bfd63ec26 Update win_hack_smbexec.yml 2020-10-15 15:20:08 -03:00
Jonhnathan e5789a2a52 Update win_dcsync.yml 2020-10-15 15:19:18 -03:00
Jonhnathan 777e49b76c Update win_av_relevant_match.yml 2020-10-15 15:17:33 -03:00
Jonhnathan b555628321 Update win_atsvc_task.yml 2020-10-15 15:15:01 -03:00
Jonhnathan 44735049b6 Update win_apt_stonedrill.yml 2020-10-15 15:14:27 -03:00
Jonhnathan 02a1ab4033 Update win_alert_mimikatz_keywords.yml 2020-10-15 15:11:10 -03:00
Jonhnathan 26b442ec48 Update win_alert_lsass_access.yml
Getting rid of '*' use
2020-10-15 15:09:35 -03:00
Jonhnathan 79c2b8d570 Update win_GPO_scheduledtasks.yml
Getting rid of '*' use
2020-10-15 15:07:16 -03:00
Jonhnathan 4aa96a2ac9 Update win_alert_enable_weak_encryption.yml 2020-10-15 15:05:49 -03:00
Jonhnathan 5765573907 Update win_alert_active_directory_user_control.yml
Getting rid of '*' use
2020-10-15 15:04:08 -03:00
Jonhnathan 1c06c9e166 Update win_admin_share_access.yml
Getting rid of '*' use
2020-10-15 15:03:31 -03:00
Jonhnathan 085dc21d25 Update win_admin_rdp_login.yml
Getting rid of '*' use
2020-10-15 15:02:40 -03:00
Jonhnathan 9c7a23e432 Update win_account_discovery.yml
Getting rid of '*' use
2020-10-15 15:01:31 -03:00
Remco Hofman 6cadfa5b2b Added win_vul_cve_2020_1472 rule 2020-09-15 15:13:53 +02:00
Florian Roth 50db6dcc69 Merge pull request #1002 from scottdermott/master
+ Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx)
2020-09-15 08:17:02 +02:00
Yugoslavskiy Daniil 1fc202fe5d fix typos, update tags 2020-09-13 15:46:45 +02:00
Dermott, Scott J c72ac8f73e Merge branch 'master' of https://github.com/scottdermott/sigma 2020-09-11 16:19:54 +01:00
Scott Dermott 1f50e0af35 + Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx)
AD Connect on-premises AD accounts to Azure AD. The replication process is completed under the context of the 'MSOL_xxxxxxxx' user account. The AD Connect application is installed on a member server (i.e. not on a DC).
https://techcommunity.microsoft.com/t5/azure-advanced-threat-protection/ad-connect-msol-user-suspected-dcsync-attack/m-p/788028
2020-09-11 16:06:51 +01:00
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
Florian Roth 7ddb63ec1b fix: FPs with McAfee and CyberReason 2020-09-02 12:30:34 +02:00
Yugoslavskiy Daniil 5026438524 fix modified field 2020-08-25 01:29:57 +02:00
Yugoslavskiy Daniil 42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Florian Roth 8970d03f6f Merge pull request #952 from Neo23x0/devel
feat: Detect duplicate rule tags
2020-07-28 10:21:59 +02:00
Florian Roth 80f4b4ec71 fix: rules with duplicate tags 2020-07-27 11:44:47 +02:00
Ryan Plas aa548ba1a9 Add quotes due to a colon in the falsepositives string 2020-07-23 23:33:36 -04:00
Ryan Plas e52489aaf6 Change production status to stable 2020-07-23 23:33:36 -04:00
Aidan Bracher 1fd73a23b2 Updated tags with sub-techniques 2020-07-18 03:01:34 +01:00
Aidan Bracher 4ac1058ab5 Updated tags 2020-07-18 03:01:11 +01:00
Ryan Plas de53a08746 Merge branch 'master' of github.com:Neo23x0/sigma 2020-07-15 10:27:33 -04:00
Florian Roth c7e412788a Merge pull request #924 from Neo23x0/devel
Live MITRE ATT&CK data from TAXI service in Test Scripts
2020-07-14 18:15:29 +02:00
Florian Roth 58b68758b4 fix: wrong MITRE ATT&CK ids used in the beta version 2020-07-14 17:53:32 +02:00