Mohamed Ashraf
f21281ab29
Merge PR #4815 from - Add new malware user-Agent
2024-04-15 10:26:56 +02:00
Mohamed Ashraf
987a733adc
Merge PR #4614 from @X-Junior - updates for multiple rules 4-12-2023
...
update: PowerShell Execution With Potential Decryption Capabilities
update: Malware User Agent
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-12-11 10:42:44 +01:00
Mohamed Ashraf
e873392366
Merge PR #4522 from @X-Junior - updating multiple rules
...
update: Obfuscated IP Via CLI - increase coverage for more types of obfuscation and fix logic
update: Obfuscated IP Download Activity - increase coverage for more types of obfuscation and fix logic
update: Csc.EXE Execution Form Potentially Suspicious Parent - add more MS Office tools, suspicious locations and filter known FPs
update: Dynamic .NET Compilation Via Csc.EXE - add more suspicious locations
update: Malware User Agent - add new user agents
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-11-06 17:07:33 +01:00
Mohamed Ashraf
cc3011b814
Merge PR #4543 from @X-Junior - Add & Update Multiple Rules
...
new: Enable Remote Connection Between Anonymous Computer - AllowAnonymousCallback
update: Weak or Abused Passwords In CLI - Increase coverage
update: Malware User Agent - Increase UAs coverage
update: Potentially Suspicious Cabinet File Expansion - Increase coverage
update: HackTool - CrackMapExec - Fix logic
update: Port Forwarding Activity Via SSH.EXE - Increase coverage
update: Suspicious File Creation Activity From Fake Recycle.Bin Folder - Increase coverage
update: Suspicious Process Execution From Fake Recycle.Bin Folder - Increase coverage
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-11-06 14:13:31 +01:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
...
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
Josh
f083be8458
Fixed typo in comment
...
DragonOK and not dargonOK :)
2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali
4ce1bf45b6
feat: update malware ua
2023-04-12 16:12:11 +02:00
Mohamed Ashraf
dc83671da0
Update proxy_ua_malware.yml
2023-03-27 13:13:16 +02:00
Mohamed Ashraf (X__Junior)
e868b66592
Update proxy_ua_malware.yml
2023-03-27 11:10:14 +02:00
Nasreddine Bencherchali
eb5d96f270
fix: update modified
2023-03-20 16:44:29 +01:00
Mohamed Ashraf (X__Junior)
87404ea1e1
Update proxy_ua_malware.yml
2023-03-20 17:41:13 +02:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
8b321ba0b2
Order root rules folder
2023-01-31 14:05:08 +01:00