Commit Graph

356 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 92a23276cf Merge pull request #3972 from frack113/hijacklibs
feat: add additional new dlls for abuse from hijacklibs
2023-01-30 10:49:11 +01:00
Nasreddine Bencherchali cb1ea104b6 fix: remove unnecessary space 2023-01-30 10:42:48 +01:00
Nasreddine Bencherchali 8bcedc7c52 fix: update title and description 2023-01-30 10:41:27 +01:00
Qasim Qlf a39896f66a fix: condition 2023-01-30 14:27:59 +05:00
frack113 072d6bda9b Add more dll 2023-01-29 16:50:06 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali 1c2b6f40a6 feat: updates and new rules 2023-01-22 23:31:02 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
frack113 c3fabfe2a8 Update image_load_side_load_non_existent_dlls.yml 2023-01-10 10:41:48 +01:00
Nasreddine Bencherchali 81f75c1d2e feat: updates and enhancements 2023-01-10 00:13:37 +01:00
Nasreddine Bencherchali 18a77e79e3 fix: multiple issues 2023-01-06 18:04:04 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
frack113 0aad498425 Last lolbin (#3845)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-31 19:53:44 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 05bdb9af74 fix: rename files to fit logic 2022-12-19 19:28:23 +01:00
Nasreddine Bencherchali ff94bfee2b fix: update description to fit logic 2022-12-19 19:23:11 +01:00
Nasreddine Bencherchali c374413664 fix: change to permalink 2022-12-19 18:15:57 +01:00
Nasreddine Bencherchali 060174e2dd fix: small fixes
- Added modified date
- Updated DLL sideload version
2022-12-19 18:14:01 +01:00
frack113 646351808e Refactor (#3794)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali 3868dd91c6 feat: updates and enhancements 2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali cc658743e6 fix: add additional reference 2022-12-14 23:25:13 +01:00
frack113 c7e772eff9 Add image_load_side_load_jsschhlp 2022-12-14 19:24:32 +01:00
Florian Roth 7365e12478 docs: explanation for filter 2022-12-14 13:08:10 +01:00
Florian Roth 232d7f840a fix: FPs noticed with Aurora 2022-12-14 13:05:58 +01:00
Nasreddine Bencherchali d8b69e7a02 Merge pull request #3779 from frack113/dll_classicexplorer
Add image_load_side_load_classicexplorer32
2022-12-13 18:41:01 +01:00
frack113 fd76082c14 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-13 18:26:42 +01:00
frack113 3b88cab510 Add image_load_side_load_classicexplorer32 2022-12-13 10:26:21 +01:00
Nasreddine Bencherchali 14d174e218 feat: update rules related to dll sideloading 2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali cde2bdfc22 fix: fix typo in fieldname and close #2101 2022-12-09 17:11:03 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali 77b1234572 fix: apply code review changes 2022-12-03 11:55:54 +01:00
Nasreddine Bencherchali 0c3a0d4c39 fix: fp metadata 2022-12-02 23:38:18 +01:00
Nasreddine Bencherchali 3c90fb1c33 fix: fix metadata information 2022-12-02 23:22:23 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
frack113 0f3eefdc9c Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 18:10:43 +01:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
Nasreddine Bencherchali b6dce4b6a5 feat: general fixes 2022-11-22 01:22:36 +01:00
Nasreddine Bencherchali 13fbab9a87 Update image_load_susp_python_image_load.yml 2022-11-08 17:33:45 +01:00
Nasreddine Bencherchali f312455db5 Update rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml 2022-11-08 17:26:24 +01:00
Nasreddine Bencherchali ae2c09f866 Update rules/windows/image_load/image_load_in_memory_powershell.yml
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-11-08 17:25:53 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
phantinuss 0165f9b05b Merge pull request #3664 from frack113/DeleteShadowCopies
Add image_load_susp_vss_dll_load
2022-11-01 12:32:04 +01:00
Nasreddine Bencherchali 4bdc286a02 Update rules/windows/image_load/image_load_susp_python_image_load.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-01 11:10:07 +01:00