security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,063 Commits 1 Branch 57 Tags
82fbfed2c2319acd4eefa9dba5d2694de546172a
Commit Graph

2645 Commits

Author SHA1 Message Date
Ömer Günal 0c3ce445da Delete remote_copy.yml 2020-06-29 18:51:18 +03:00
Florian Roth bb214f5832 rule: Explorer Root Flag Process Tree Break 2020-06-29 12:07:15 +02:00
j91321 24029d998a FIX: lint error for title 2020-06-28 11:05:19 +02:00
j91321 ae842a65cb Windows Defender rules and logsource 2020-06-28 10:55:32 +02:00
Thomas Patzke d1f37bdbd4 Merge pull request #828 from stevengoossensB/master 
Split rules based on Sysmon event ID
 2020-06-28 00:00:32 +02:00
Pushkarev Dmitry 502ec4b417 add win_not_allowed_rdp_access.yml rule 2020-06-26 22:15:53 +00:00
Florian Roth 3decee07ba fix: bugfix and cosmetics 2020-06-24 18:10:58 +02:00
Florian Roth f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00
Florian Roth 4224a6517d Merge pull request #859 from Neo23x0/rule-devel 
fix: duplicate IDs
 2020-06-24 17:23:13 +02:00
Florian Roth c3ffa0b9d3 fix: duplicate IDs 2020-06-24 17:04:04 +02:00
Brad Kish d385cbfa69 Fix quoting for AD Object WriteDAC Access 
The AccessMask field needs to be quoted so that it is compared correctly.
 2020-06-22 15:31:03 -04:00
Ömer Günal 4eb97ec43d Update lnx_file_copy.yml 2020-06-22 21:35:50 +03:00
Furkan ÇALIŞKAN b091e3b1c4 Update for new method 
Update for method mentioned in https://ired.team/offensive-security/code-execution/code-execution-through-control-panel-add-ins
 2020-06-22 01:06:34 +03:00
Ömer Günal d17e0ae6eb typo 2020-06-20 23:04:52 +03:00
Florian Roth e1225784f7 fix: fixed indentation 2020-06-19 09:54:08 +02:00
Florian Roth 62632db818 refactor: added variant to IE rule 2020-06-19 09:53:35 +02:00
Florian Roth 5cb6f5da9d fix: title adjusted 2020-06-19 09:39:11 +02:00
Florian Roth b8a5cd4787 Disabled IE Security Features 2020-06-19 09:37:10 +02:00
Florian Roth da060bfb90 Ke3chang rule 2020-06-19 09:36:54 +02:00
Florian Roth b675c4c706 Merge branch 'master' into rule-devel 2020-06-19 09:24:26 +02:00
Ömer Günal 93719d8a01 Merge pull request #1 from omergunal/omergunal-patch-1 
Remote file copy
 2020-06-18 23:56:29 +03:00
Ömer Günal 40a07a2d4f Delete lnx_sudo_enumeration.yml 2020-06-18 23:55:24 +03:00
Ömer Günal d87b0c95a4 Delete lnx_trap.yml 2020-06-18 23:55:16 +03:00
Ömer Günal 8db7c3207a Delete lnx_sudo_caching.yml 2020-06-18 23:54:43 +03:00
Ömer Günal 5bc72b6cba Delete lnx_space_after_filename.yml 2020-06-18 23:54:28 +03:00
Ömer Günal f10440b9fa Delete lnx_setuid_setgid.yml 2020-06-18 23:54:20 +03:00
Ömer Günal 6c8d104e7d Delete lnx_disabling_security_tools.yml 2020-06-18 23:54:06 +03:00
Ömer Günal 84c4683607 Delete lnx_connection_proxy.yml 2020-06-18 23:53:43 +03:00
Ömer Günal c4a1e853bc Remote file copy 2020-06-18 23:47:53 +03:00
Ömer Günal c6c455a3ec Remote file copy 2020-06-18 23:37:49 +03:00
Ömer Günal 9bfc3d6807 Delete lnx_file_copy.yml 2020-06-18 23:37:12 +03:00
Ömer Günal a963630db8 Remote File Copy 2020-06-18 23:36:29 +03:00
Florian Roth 4b0c80885f Merge pull request #810 from EccoTheFlintstone/fp 
add WMI module load false positives
 2020-06-18 12:50:40 +02:00
Florian Roth 32ecb81630 Merge pull request #845 from ikiril01/att&ck_subtechniques_v2 
ATT&CK subtechniques v2
 2020-06-18 09:10:09 +02:00
Ivan Kirillov b343df2225 Further subtechnique updates 2020-06-17 11:31:40 -06:00
Ömer Günal 3a607abe33 Update lnx_trap.yml 2020-06-17 19:51:53 +03:00
ecco 99bfa14ae0 add 1 more FP 2020-06-17 12:49:27 -04:00
Ömer Günal 7b86f4aefb Update lnx_trap.yml 2020-06-17 19:47:31 +03:00
Ömer Günal ebbd32d2e1 file extension 2020-06-17 19:43:57 +03:00
Ömer Günal f989f7e155 file extension 2020-06-17 19:43:49 +03:00
Ömer Günal 772c03c49a Connection Proxy 2020-06-17 19:39:55 +03:00
Ömer Günal 9d285ecf74 Trap 2020-06-17 19:39:00 +03:00
Ömer Günal d0b66ab828 Space After Filename 2020-06-17 19:38:38 +03:00
Ömer Günal 3b8fb9e3d8 Disabling Security Tools 2020-06-17 19:38:10 +03:00
Florian Roth 0022705373 fix: filter not functional 
since `UsrLogon.cmd` does appear only in `C:\Windows\system32\cmd.exe /c UsrLogon.cmd` command line
 2020-06-17 16:09:44 +02:00
Ivan Kirillov 5c0bb0e94f Fixed indentation 2020-06-16 15:01:13 -06:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth fd2429bd34 Update lnx_setuid_setgid.yml 2020-06-16 19:46:50 +02:00
Florian Roth 06fe720165 Update lnx_sudo_enumeration.yml 2020-06-16 19:33:39 +02:00
Florian Roth 545c05d4d3 Update lnx_setuid_setgid.yml 2020-06-16 19:31:34 +02:00