Commit Graph

4388 Commits

Author SHA1 Message Date
Qasim Qlf 2ac3f5c797 fix: condition 2023-01-30 19:13:11 +05:00
frack113 bd5e1da89c Fix FP move 2023-01-29 09:42:48 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 2ba6c3c3f5 Merge pull request #3961 from tropChaud/patch-4 / Create proc_creation_win_rhadamanthys_dll_launch.yml 2023-01-27 11:23:21 +01:00
Nasreddine Bencherchali c9d29d5bdd fix: typo in the description / Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> 2023-01-27 10:53:59 +01:00
Nasreddine Bencherchali af9b78971e Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-27 10:50:37 +01:00
Nasreddine Bencherchali 0b5a4fd7c9 fix: add missing modified date 2023-01-27 10:50:04 +01:00
Nasreddine Bencherchali 432916d3c8 fix: update description / Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> 2023-01-27 10:48:54 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 3536580054 fix: rule filename 2023-01-27 01:15:05 +01:00
Nasreddine Bencherchali 6325e75d42 fix: apply suggestions from code review 2023-01-27 00:51:17 +01:00
Nasreddine Bencherchali 85c5f21818 feat: more updates, renames and fixes 2023-01-27 00:30:16 +01:00
IntelScott 6a954b6d08 Create proc_creation_win_rhadamanthys_dll_launch.yml 2023-01-26 17:26:18 -05:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali 242814f3e9 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-26 23:01:17 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
Nasreddine Bencherchali 3c846a1c51 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-26 17:35:55 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00
Nasreddine Bencherchali 725c5ba420 fix: fp found in testing 2023-01-25 16:54:11 +01:00
phantinuss 32c89da010 fix: FPs in testing environment 2023-01-25 16:23:10 +01:00
frack113 f7b159350d Merge pull request #3954 from nasbench/nasbench-rule-devel / feat: updates and enhancements 2023-01-25 13:21:44 +01:00
Nasreddine Bencherchali 9e2c01521a fix: broken condition 2023-01-24 16:54:15 +01:00
Nasreddine Bencherchali 9a03e4e13d fix: fp found in testing 2023-01-24 16:51:37 +01:00
Nasreddine Bencherchali d7bf5383a4 feat: update wsl related rules and other 2023-01-24 16:50:53 +01:00
phantinuss a41a374901 fix: FPs found in testing environment 2023-01-24 10:30:43 +01:00
Nasreddine Bencherchali fb1dcc1340 Merge pull request #3950 from nasbench/nasbench-rule-devel / feat: updates and new rules 2023-01-23 14:03:43 +01:00
Nasreddine Bencherchali e3f7feeb65 fix: update description / Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com> 2023-01-23 13:38:23 +01:00
phantinuss 628f616dbe fix: sharpen regex to not match default windows rundll32 usage 2023-01-23 12:57:50 +01:00
Nasreddine Bencherchali 58fbe4a100 feat: update wsl lolbin 2023-01-23 01:05:28 +01:00
Nasreddine Bencherchali 2f6161619b fix: add missing filter 2023-01-22 23:45:22 +01:00
Nasreddine Bencherchali 47fa1dff54 fix: fp with iissetup 2023-01-22 23:41:56 +01:00
Nasreddine Bencherchali f2cf68cf14 fix: broken condition 2023-01-22 23:32:14 +01:00
Nasreddine Bencherchali 1c2b6f40a6 feat: updates and new rules 2023-01-22 23:31:02 +01:00
frack113 f25ad0f1a3 Merge pull request #3949 from frack113/import_module_dll / Import module dll 2023-01-22 20:54:00 +01:00
Nasreddine Bencherchali c9b230de6d feat: update pwsh ad module rules 2023-01-22 20:07:42 +01:00
frack113 40592f463f Add Microsoft.ActiveDirectory.Management.dll 2023-01-22 19:34:09 +01:00
frack113 75c01db53b Add import_module dll 2023-01-22 17:38:59 +01:00
Florian Roth a11051447e Merge pull request #3948 from SigmaHQ/rule-devel / doc: adding another reference 2023-01-22 11:18:59 +01:00
Florian Roth e95f0d03b4 doc: adding another reference 2023-01-22 11:03:59 +01:00
Florian Roth 1820b04917 Merge pull request #3947 from SigmaHQ/rule-devel / docs: authors extended 2023-01-22 11:02:31 +01:00
Florian Roth f2d633ad1a docs: authors extended 2023-01-22 10:57:11 +01:00
Florian Roth 9739cb1c69 Merge pull request #3946 from SigmaHQ/rule-devel / rule: susp svchost sub process 2023-01-22 10:32:06 +01:00
Nasreddine Bencherchali f1c9112413 fix: update filename 2023-01-22 01:04:27 +01:00
Nasreddine Bencherchali a530e7ad36 fix: add more detail 2023-01-22 01:00:55 +01:00
Florian Roth 52a4985dce rule: susp svchost sub process 2023-01-21 23:45:22 +01:00
Nasreddine Bencherchali ecaf89dd91 fix: fp with powercat 2023-01-21 18:15:37 +01:00
frack113 63045048e3 Merge pull request #3910 from cyb3rjy0t/patch-3 / ADS stored DLL execution using Rundll32 2023-01-21 13:24:22 +01:00
Nasreddine Bencherchali 585f3a2f36 fix: update regex 2023-01-21 13:02:11 +01:00
Nasreddine Bencherchali 72fe5040f9 Merge pull request #3944 from nasbench/nasbench-rule-devel / feat: new rules and fp fixes 2023-01-21 12:46:46 +01:00