blue-team-tools

Author	SHA1	Message	Date
Thurein Oo	1e7a5b0cb3	Merge PR #4417 from @ThureinOo - Update SQL injections update: Added some bypass methods used by SQLI Injectors. --------- Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2023-09-06 11:19:10 +02:00
Thurein Oo	d43c500240	Merge PR #4416 from @ThureinOo - Increase SQL Injection Coverage update: Detects sql injection exploitation attempts - Increase coverage --------- Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-09-01 13:58:34 +02:00
Thurein Oo	421bbed383	Merge PR #4409 from @ThureinOo - Increase Coverage Of Path Traversal Exploitation Rule update: Detects path traversal exploitation attempts - Increase coverage --------- Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-09-01 10:54:32 +02:00
Tessa Georgen	60b8e9b70f	Merge PR #4392 from @tjgeorgen - Update MITRE Tags - update: update MITRE tags for multiple rules --------- Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2023-08-28 16:53:27 +02:00
phantinuss	188236a4eb	Merge PR #4393 from @phantinuss - use explicit CIDR notation for loopback fix: Search-ms and WebDAV Suspicious Indicators in URL - use explicit CIDR notation for loopback	2023-08-25 10:29:04 +02:00
phantinuss	f9893202e5	fix: IPv6 prefix	2023-08-22 13:17:40 +02:00
phantinuss	24e7333f15	fix: typo	2023-08-22 11:43:04 +02:00
Nasreddine Bencherchali	89c6ea2ef0	Update rules/web/proxy_generic/proxy_webdav_search_ms.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-22 11:42:08 +02:00
Nasreddine Bencherchali	201066947b	feat: update detection & metadata	2023-08-22 11:00:55 +02:00
Micah Babinski	8d16ed2cc2	Added search(-ms)/WebDAV rules	2023-08-04 17:37:54 -07:00
Josh	f083be8458	Fixed typo in comment DragonOK and not dargonOK :)	2023-07-17 14:39:48 -04:00
phantinuss	6c4408ddff	chore: fix typo of lowercase Windows in description	2023-06-21 09:52:43 +02:00
Nasreddine Bencherchali	066f57abb8	chore: update rules from `r-dns` to `cs-host`	2023-05-18 23:03:23 +02:00
Axel-NTT	c1ba6e1505	Update proxy_ua_bitsadmin_susp_tld.yml to use proxy field	2023-05-17 13:46:28 +02:00
Nasreddine Bencherchali	e0a2d52671	Merge pull request #4218 from nasbench/fin7-rules feat: updates and new rules related to fin7	2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali	bbf1e54510	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-05-09 16:04:24 +02:00
$frack113$ frack113	c1a9712558	Review Web logsource	2023-05-08 11:04:16 +02:00
Nasreddine Bencherchali	24ed6be065	feat: updates and new rules related to fin7	2023-05-05 01:26:06 +02:00
Nasreddine Bencherchali	637d610884	chore: move rules to new folders (#4205 )	2023-05-02 23:17:57 +02:00
Nasreddine Bencherchali	797a8d0784	Update web_cve_2021_26858_iis_rce.yml	2023-04-26 10:42:38 +02:00
BlueT - Matthew Lien - 練喆明	8471faea15	fix web_cve_2021_26858_iis_rce.yml (all of -> "\|all") https://github.com/SigmaHQ/sigma/pull/3952 https://github.com/SigmaHQ/sigma-specification/discussions/53	2023-04-26 07:05:09 +08:00
Nasreddine Bencherchali	0c23616a12	fix: move to deprecated	2023-04-21 15:05:56 +02:00
Nasreddine Bencherchali	b26f9a9793	chore: move more rules	2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali	b851734126	chore: move 3cx related rules	2023-04-21 15:00:35 +02:00
Frank Iacovino	4e47720427	Correct rule description in web_apache_segfault.yml	2023-04-19 11:23:52 -04:00
Nasreddine Bencherchali	4ce1bf45b6	feat: update malware ua	2023-04-12 16:12:11 +02:00
Nasreddine Bencherchali	3d9372bef3	feat: new rules, updates and fp fixes (#4136 )	2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali	5138fef3e5	feat: update 3cx compromise related rules (#4156 )	2023-03-31 15:01:41 +02:00
Arnim Rupp	b2e9b47e91	feat: add new domain to rules related to 3CX compromise (#4154 )	2023-03-30 13:18:11 +02:00
Nasreddine Bencherchali	c08a50758b	feat: update	2023-03-29 18:59:24 +02:00
Mohamed Ashraf	dc83671da0	Update proxy_ua_malware.yml	2023-03-27 13:13:16 +02:00
Mohamed Ashraf (X__Junior)	e868b66592	Update proxy_ua_malware.yml	2023-03-27 11:10:14 +02:00
Gavin Knapp	ec892dec93	feat: new rule `proxy_susp_ipfs_cred_harvest.yml` (#4113 )	2023-03-24 12:29:25 +01:00
Nasreddine Bencherchali	eb5d96f270	fix: update modified	2023-03-20 16:44:29 +01:00
Mohamed Ashraf (X__Junior)	87404ea1e1	Update proxy_ua_malware.yml	2023-03-20 17:41:13 +02:00
$frack113$ frack113	4d8a6ca51f	Merge pull request #4073 from nasbench/nasbench-rule-devel feat: updates and fixes	2023-02-24 17:50:50 +01:00
Nasreddine Bencherchali	4da9252bba	fix: add missing space	2023-02-23 19:33:00 +01:00
Bhabesh	d3cfc7a7fa	Fixed field name	2023-02-24 00:12:16 +05:45
Bhabesh	dee1558a8d	Added rule (fixed) for CVE-2023-23752 in Joomla	2023-02-23 23:40:08 +05:45
Nasreddine Bencherchali	078e3ab500	feat: updates and fixes	2023-02-23 12:49:44 +01:00
IsaAlMannaei	d9d9227910	feat: new rule related to CVE-2022-21587 (#4037 )	2023-02-14 14:30:12 +01:00
Nasreddine Bencherchali	1f34cecadf	fix: multiple typos Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-02-06 12:28:45 +01:00
Nasreddine Bencherchali	fc818bbbdc	feat: multiple updates and fixes	2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
$frack113$ frack113	8b321ba0b2	Order root rules folder	2023-01-31 14:05:08 +01:00
$frack113$ frack113	9320bf246d	Order root rules folder	2023-01-29 09:49:42 +01:00
$frack113$ frack113	1033b3f404	change status to test	2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali	9fe829af52	feat: new rules related to CVE-2022-44877	2023-01-20 13:51:17 +01:00
Nasreddine Bencherchali	26fef9bfd1	fix: add logic to the correct rule	2023-01-19 00:59:13 +01:00
cyb3rjy0t	a27457715b	CVE-2022-82889	2023-01-16 14:34:41 -05:00

1 2 3 4 5 ...

400 Commits