security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
16,034 Commits 1 Branch 57 Tags
889efd1663f0781e110f32e8e81e88a311e6c500
Commit Graph

56 Commits

Author SHA1 Message Date
Florian Roth e6e0ffbdce Merge PR #4674 from @Neo23x0 - Increase hack tool coverage 
update: Hacktool Execution - Imphash - Add additional imphash values to increase coverage
update: Findstr Launching .lnk File - Increase coverage by adding cases where the commandline ends with a double or a single quote.
---------

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2024-01-15 15:24:03 +01:00
Florian Roth 2535a61f71 Merge PR #4647 from @Neo23x0 - add new hack tool by imphash 
update: Hacktool Named File Stream Created - Added new Imphash values for `EDRSandBlast`, `EDRSilencer` and `Forensia` utilities.

---------

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2024-01-10 14:11:33 +01:00
github-actions[bot] c3fe2da997 chore: promote older rules status from experimental to test (#4651) 
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
 2024-01-01 09:00:51 +01:00
Nasreddine Bencherchali 95793d73bd Merge PR #4482 From @nasbench - Add New Automation Workflows 
chore: update workflows and add quality of life updates and automation to the repository

---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-10-18 11:53:44 +02:00
Nasreddine Bencherchali be9abb9364 feat: update cl diag script rules 2023-08-17 19:26:21 +02:00
Nasreddine Bencherchali c39581217a feat: update rules using file sharing domains 2023-08-17 13:39:59 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
Nasreddine Bencherchali e39b85a3f4 fix: fp found in testing 2023-06-14 00:23:28 +02:00
Nasreddine Bencherchali d468c2fb33 feat: add more extensions and fix metadata 2023-05-18 22:55:18 +02:00
Nasreddine Bencherchali 9ebec1c6e3 fix: apply suggestions from code review 2023-05-18 22:54:53 +02:00
Florian Roth 11069e87c6 docs: add url 2023-05-18 14:58:44 +02:00
Florian Roth 8bad6f0ebc .zip domain stream hash - file type download 2023-05-18 14:54:43 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Florian Roth dee38387c5 more backstab hashes 2023-05-05 13:17:01 +02:00
Florian Roth 91956f8058 Merge branch 'master' into rule-devel 2023-05-05 10:10:24 +02:00
Florian Roth efb99a12f2 Update create_stream_hash_hacktool_download.yml 2023-05-05 10:09:50 +02:00
Florian Roth 5d3dd08ab8 Backstab tool imphash 2023-05-05 09:55:08 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Nasreddine Bencherchali 032570a080 feat: more winget updates 2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali 1d89b041ae fix: change title from domain to wbesites 2023-02-10 10:49:52 +01:00
Nasreddine Bencherchali 5e3aae4970 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-10 10:38:45 +01:00
Nasreddine Bencherchali 82d0b9e10c fix: add missing modified and improve test 2023-02-10 00:56:07 +01:00
Nasreddine Bencherchali 82cde0e10c feat: update rules related to onenote and more 2023-02-10 00:40:16 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Nasreddine Bencherchali 0909b65bff feat: update sharing websites 2023-01-19 22:07:31 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Florian Roth e493a41bc6 Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs noticed in Nextron testing CI
 2022-12-05 18:54:31 +01:00
Florian Roth 1796502b90 fix: FPs noticed in Nextron testing CI 2022-12-05 17:39:42 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
Florian Roth c6d02d6fe2 rule: modified date update, PPLKiller 2022-11-12 09:27:41 +01:00
Florian Roth 6f26d672f1 refactor: add forkatz imphash 2022-11-12 08:39:36 +01:00
Nasreddine Bencherchali e8f10733e0 Add browsers 2022-10-31 20:57:22 +01:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
frack113 f78e9e9034 Add rule 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-10-24 17:52:05 +02:00
Florian Roth e92f2475b6 refactor: JuicyPotatoNG imphashes 2022-10-06 08:30:48 +02:00
frack113 6813043323 Merge pull request #3468 from nasbench/nasbench-rule-devel 
Rule Devel
 2022-09-08 06:29:36 +02:00
Nasreddine Bencherchali b70ac17676 Fix 2022-09-07 21:58:22 +02:00
Florian Roth 2ac92283e6 indentation and new hashes 2022-09-07 16:05:48 +02:00
Florian Roth b293a7a181 refactor: SysmonEnte, SharpEvtMute, SysmonQuiet 2022-09-07 16:01:05 +02:00
Florian Roth 6f1ff59027 SysmonEnte Hashes 2022-09-07 15:29:09 +02:00
Nasreddine Bencherchali df257caa4c Update create_stream_hash_susp_ip_domains.yml 2022-09-07 12:17:18 +02:00
Nasreddine Bencherchali dc90e08f3e More updates 2022-09-07 12:02:09 +02:00
Florian Roth 02d7e8f2a4 fix: duplicate UUIDs 2022-08-25 08:23:48 +02:00
Florian Roth 2b776cdfbb refactor: renamed old sysmon_ file names w/ new prefix 2022-08-24 16:51:12 +02:00
Florian Roth d18fced5dd rules: create stream hash rules 2022-08-24 16:50:40 +02:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
Florian Roth b7f982734a fix: dysfunctional imphash rules 2021-12-08 11:26:17 +01:00