Commit Graph

4617 Commits

Author SHA1 Message Date
Florian Roth f196e3174d refactor: moved last global rule to unsupported 2021-09-26 10:54:11 +02:00
frack113 7dc574bc01 Merge pull request #2078 from kidrek/win_process_dump_rdrleakdiag
add new rule win_process_dump_rdrleakdiag
2021-09-25 07:55:52 +02:00
kidrek 267da51745 The issues have been fixed 2021-09-24 22:18:00 +02:00
kidrek ecd4719a20 add new rule win_process_dump_rdrleakdiag 2021-09-24 18:22:06 +02:00
frack113 ef75695647 convert re to endswith 2021-09-24 15:39:56 +02:00
frack113 aa96f21d0f fix filename 2021-09-23 14:52:56 +02:00
Florian Roth bb2e6acd40 Merge pull request #1926 from pbssubhash/master
Adding CVE exploitation attempt detection: Year - 2010
2021-09-23 14:08:15 +02:00
frack113 c59b0eb543 Merge pull request #2063 from frack113/last_global
Split Last Global Rules
2021-09-23 13:54:57 +02:00
Florian Roth 3107ede1c4 Merge branch 'pr/2065' 2021-09-23 09:18:15 +02:00
Austin Songer 53f426342c Update win_file_winword_cve_2021_40444.yml 2021-09-22 22:26:05 -05:00
Austin Songer ab613af365 Update sysmon_atlassian_confluence_cve_2021_26084_exploit.yml 2021-09-22 22:24:24 -05:00
frack113 3ac0d93f5b Merge pull request #2062 from Pooch11/win-apt-greenbug-fix
win-apt-greenbug-fix small change to B64encoded value of '/server='
2021-09-22 20:05:37 +02:00
frack113 6e6d57b019 fix filename 2021-09-22 18:45:08 +02:00
unknown 9924cc3946 win-apt-greenbug-fix amend b64 value of /server= as seen in IOC 2021-09-22 10:33:04 -04:00
frack113 ab5f5f95bc fix filename 2021-09-22 16:27:05 +02:00
frack113 3c906b52a0 fix filename 2021-09-22 16:21:07 +02:00
frack113 7b995f2d99 Merge pull request #2057 from secDre4mer/master
Add two rules
2021-09-22 09:15:32 +02:00
frack113 045e87058b add definition 2021-09-22 08:40:08 +02:00
unknown 3ace73f9fd win-apt-greenbug-fix - change modified date as well 2021-09-21 16:59:32 -04:00
unknown 993bf46550 win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria 2021-09-21 16:56:01 -04:00
frack113 db9e6124e3 fix too many blank lines 2021-09-21 20:24:02 +02:00
frack113 6e08ba55c4 fix error 2021-09-21 20:16:26 +02:00
frack113 b5e91d7185 fix field name and date 2021-09-21 19:41:46 +02:00
frack113 d37685d7cc split global win_cobaltstrike_service_installs.yml 2021-09-21 19:36:34 +02:00
frack113 06a07605fd split global win_mal_creddumper.yml 2021-09-21 19:31:52 +02:00
Florian Roth d884f774f9 Update powershell_memorydump_getstoragediagnosticinfo.yml 2021-09-21 18:01:46 +02:00
phantinuss 46febf48b0 fix: remove rule, too many FPs and no better matching criteria 2021-09-21 16:52:17 +02:00
frack113 dde3b17c20 split global win_mal_service_installs.yml 2021-09-21 16:17:59 +02:00
frack113 518d294ee9 fix id error 2021-09-21 16:06:27 +02:00
frack113 b9d14ef55a split global win_metasploit_or_impacket_smb_psexec_service_install.yml 2021-09-21 16:02:47 +02:00
Max Altgelt bf9bc03258 chore: properly name and describe rules 2021-09-21 15:59:01 +02:00
frack113 9dbc71ca2f split global win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml 2021-09-21 15:50:06 +02:00
frack113 0dd549ba67 fix selection name 2021-09-21 15:25:03 +02:00
frack113 7c8d1ab037 split global win_moriya_rootkit.yml 2021-09-21 15:18:25 +02:00
frack113 a4ad7e5358 split global win_net_ntlm_downgrade.yml 2021-09-21 15:10:08 +02:00
Max Altgelt 8c3faa390c feat: Add rule for live memory dumping 2021-09-21 15:09:12 +02:00
frack113 a5c8fba7a5 fix error 2021-09-21 15:01:51 +02:00
frack113 20a785bad3 split global win_powershell_script_installed_as_service.yml 2021-09-21 13:55:04 +02:00
frack113 8c13bd23b9 split global win_powershell_web_request 2021-09-21 13:44:19 +02:00
frack113 ba3c7a020a split global win_root_certificate_installed.yml 2021-09-21 13:34:32 +02:00
frack113 6368a88ad3 split global win_software_discovery.yml 2021-09-21 13:28:47 +02:00
frack113 332bed7906 split global win_susp_eventlog_cleared.yml 2021-09-21 13:22:40 +02:00
frack113 99f24a95a6 split global win_susp_failed_logons_single_source.yml 2021-09-21 13:19:00 +02:00
frack113 06ed7c41af split global win_tap_driver_installation.yml 2021-09-21 13:15:21 +02:00
frack113 5951ad1d9a Merge pull request #2056 from frack113/some_global
Split global rules
2021-09-21 12:42:59 +02:00
frack113 0884a70e28 fix tests.py error 2021-09-21 10:52:37 +02:00
frack113 4718f914e9 split global sysmon_hack_dumpert.yml 2021-09-21 10:43:42 +02:00
frack113 5fc82e5dc6 split global sysmon_tttracer_mod_load.yml 2021-09-21 10:39:02 +02:00
frack113 4c85858e12 split global sysmon_regsvr32_network_activity.yml 2021-09-21 10:33:47 +02:00
frack113 c0e24e9236 split global win_defender_disabled.yml 2021-09-21 10:24:52 +02:00