blue-team-tools

Author	SHA1	Message	Date
Qasim Qlf	685c3d7970	fix: detection name word 'activity' (#4119 )	2023-03-17 23:11:15 +01:00
Hieu Tran	0e934bd4b4	feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111 )	2023-03-17 13:00:57 +01:00
Florian Roth	0ebbd09ab4	fix: removed unnecessary escapes	2023-03-16 22:54:41 +01:00
Florian Roth	e4864b43d2	fix: regular expression	2023-03-16 22:46:08 +01:00
Nasreddine Bencherchali	4287d790ae	Update proc_creation_win_rundll32_webdav_client_susp_execution.yml	2023-03-16 19:34:23 +01:00
Nasreddine Bencherchali	53e86c8871	Update proc_creation_win_rundll32_webdav_client_execution.yml	2023-03-16 19:23:05 +01:00
Nasreddine Bencherchali	5ca7978ebe	fix: escape slashes	2023-03-16 19:20:53 +01:00
Nasreddine Bencherchali	49a43832c4	fix: enhance selection	2023-03-16 19:19:25 +01:00
Nasreddine Bencherchali	db62085f77	fix: ip regex	2023-03-16 19:18:36 +01:00
Nasreddine Bencherchali	5b14835a35	feat: add new rules related to `CVE-2023-23397`	2023-03-16 19:17:48 +01:00
Nasreddine Bencherchali	77cd0bf6c0	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-03-15 19:27:57 +01:00
Nasreddine Bencherchali	1d45236bf6	fix: broken condition	2023-03-15 00:06:29 +01:00
Nasreddine Bencherchali	d36f7e9819	fix: fp found in testing	2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali	933e99eef8	fix: cicd errors	2023-03-14 23:21:18 +01:00
Nasreddine Bencherchali	90574160ec	feat: new rules and update	2023-03-14 20:07:44 +01:00
Nasreddine Bencherchali	adf0ac1718	feat: attrib rules updates	2023-03-14 01:50:30 +01:00
Nasreddine Bencherchali	dba3839e23	feat: new rules related to `dotnet-dump`	2023-03-14 01:43:14 +01:00
Nasreddine Bencherchali	a599e7b4af	fix: add missing modified	2023-03-13 10:49:29 +01:00
Nasreddine Bencherchali	d7083f6175	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-03-13 10:48:08 +01:00
Nasreddine Bencherchali	1743ce90ea	fix: add missing modifier	2023-03-11 18:32:33 +01:00
Nasreddine Bencherchali	991c824f9a	feat: more updates	2023-03-10 23:32:32 +01:00
Nasreddine Bencherchali	c1b2b05cde	Update proc_creation_win_apt_apt31_judgement_panda.yml	2023-03-10 16:52:10 +01:00
Nasreddine Bencherchali	a8462ec916	feat: more apt rules updates	2023-03-10 16:50:29 +01:00
Nasreddine Bencherchali	b36fb603e0	fix: fp found in testing	2023-03-09 22:53:30 +01:00
Nasreddine Bencherchali	f23780de6f	feat: update and fixes	2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali	149256b0b9	fix: add missing modified date	2023-03-07 17:50:14 +01:00
Nasreddine Bencherchali	556e445e22	fix: update rules/windows/process_creation/proc_creation_win_hktl_powersploit_empire_default_schtasks.yml Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-03-07 17:49:21 +01:00
Nasreddine Bencherchali	7303137b14	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-03-07 17:07:12 +01:00
Nasreddine Bencherchali	2883c2e714	fix: test errors	2023-03-07 14:23:44 +01:00
Nasreddine Bencherchali	1378cf6d75	feat: update cmd based rules	2023-03-07 14:13:57 +01:00
Nasreddine Bencherchali	e2d48cf455	chore: rename wscript/cscript only rules	2023-03-06 01:09:29 +01:00
Nasreddine Bencherchali	e5c75d3232	fix: shorten filenames	2023-03-06 00:55:03 +01:00
Nasreddine Bencherchali	e3503d5d60	feat: more updates	2023-03-06 00:39:26 +01:00
Nasreddine Bencherchali	4439d85ea5	chore: renames with new sigma convention	2023-03-03 00:21:25 +01:00
Nasreddine Bencherchali	eae48afc53	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-03-01 19:10:50 +01:00
Nasreddine Bencherchali	cfea7a7bcc	fix: apply 2nd batch of suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali	8649d31048	fix: update modified field	2023-03-01 13:52:03 +01:00
markus-nclose	5d7fe8823b	Add reg.exe Reg.exe for Qakbot defense evasion. https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt xcopy C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\glanduleHoratory.exe /h /s /e	2023-03-01 13:27:59 +02:00
Nasreddine Bencherchali	f5f6ec3e64	fix: update modifiers Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-02-28 18:27:41 +01:00
Nasreddine Bencherchali	7da6ac6654	fix: apply typo fix suggestions from code review Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>	2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali	1353d57485	fix: issues with CICD	2023-02-28 15:59:13 +01:00
Nasreddine Bencherchali	5689263f30	fix: add missing modified	2023-02-28 15:44:37 +01:00
Nasreddine Bencherchali	137dcbcc50	feat: more updates and fixes	2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali	2234b7d180	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2023-02-28 12:34:41 +01:00
Gude5	39928d2cdf	feat: update del related detection (#4046 )	2023-02-27 15:19:28 +01:00
Nasreddine Bencherchali	40f587b63d	feat: more renames	2023-02-27 13:01:52 +01:00
$frack113$ frack113	d7e8407d0d	Update detection	2023-02-26 16:28:46 +01:00
Nasreddine Bencherchali	587fbbce58	chore: update pipe-notation rules to unsupported	2023-02-24 19:54:14 +01:00
Nasreddine Bencherchali	d6f3e7dacb	feat: rename rules for conventions	2023-02-24 19:33:24 +01:00
$frack113$ frack113	ae45af68ab	Update proc_creation_win_hktl_jlaive_batch_execution.yml	2023-02-22 17:13:48 +01:00

1 2 3 4 5 ...

4599 Commits