blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	2acebc90f2	Merge PR #4702 from @nasbench - Rule tuning and updates fix: Dllhost.EXE Initiated Network Connection To Non-Local IP Address - Add additional filter fix: Outbound RDP Connections Over Non-Standard Tools - Update filters fix: Rundll32 Execution With Uncommon DLL Extension - Error in filter logic remove: Suspicious Non-Browser Network Communication With Reddit API update: BITS Transfer Job Download From File Sharing Domains - Add additional domains update: Dfsvc.EXE Initiated Network Connection Over Uncommon Port - Update image and list of ports update: HH.EXE Initiated HTTP Network Connection - Update list of ports update: Microsoft Binary Suspicious Communication Endpoint - Enhance list of paths and filters update: Msiexec.EXE Initiated Network Connection Over HTTP - Update destination ports update: Network Connection Initiated To Mega.nz - Update domains update: Office Application Initiated Network Connection Over Uncommon Ports - Update list of ports update: Office Application Initiated Network Connection To Non-Local IP - update list of filters update: Potential Dead Drop Resolvers - Update domains and filters update: Remote CHM File Download/Execution Via HH.EXE - Enhance logic update: Suspicious Download From File-Sharing Website Via Bitsadmin - Add additional domains update: Suspicious File Download From File Sharing Domain Via Curl.EXE - Add additional domains update: Suspicious File Download From File Sharing Websites - Add additional domains update: Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE - Add additional domains update: Suspicious Remote AppX Package Locations - Add additional domains update: Unusual File Download From File Sharing Websites - Add additional domains	2024-02-12 12:29:36 +01:00
github-actions[bot]	367ebd9395	Merge PR #4700 from @nasbench - Promote older rules status from `experimental` to `test` chore: promote older rules status from experimental to test	2024-02-01 02:09:31 +01:00
Nasreddine Bencherchali	95793d73bd	Merge PR #4482 From @nasbench - Add New Automation Workflows chore: update workflows and add quality of life updates and automation to the repository --------- Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-10-18 11:53:44 +02:00
Nasreddine Bencherchali	c39581217a	feat: update rules using file sharing domains	2023-08-17 13:39:59 +02:00
Nasreddine Bencherchali	b20e7b449c	feat: rules update	2023-07-26 10:56:18 +02:00
Nasreddine Bencherchali	3d9372bef3	feat: new rules, updates and fp fixes (#4136 )	2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
$frack113$ frack113	1033b3f404	change status to test	2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali	0909b65bff	feat: update sharing websites	2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali	28a3413aa7	feat: updates and enhancements	2023-01-11 01:03:52 +01:00
Nasreddine Bencherchali	b6492e731b	feat: general updates and fixes	2022-12-02 23:16:03 +01:00
$frack113$ frack113	c820216541	Update Title (#3733 )	2022-11-28 06:43:17 +01:00
$frack113$ frack113	8b749fb126	Order yaml field	2022-10-25 11:08:51 +02:00
Florian Roth	4baa18bd33	refactor: added transfer.sh domain	2022-08-24 16:51:26 +02:00
Nasreddine Bencherchali	b905df6bc7	Updates + New Rules	2022-08-09 18:35:45 +01:00
Nasreddine Bencherchali	16b2945027	New Rules + Update	2022-07-14 17:35:50 +01:00
Nasreddine Bencherchali	238e0ecd7d	Update Ref+Selection	2022-07-11 14:11:53 +01:00
Florian Roth	991ff677c3	rule: bitsadmin coverage	2022-06-28 15:34:19 +02:00
Tim Shelton	6ae85eb557	Adding support for mozilla download via bits	2022-06-21 12:38:06 +00:00
Florian Roth	49f37684dc	fix: FPs with BITS rule	2022-06-12 17:30:17 +02:00
Florian Roth	ed2ab816be	refactor: BITS rules new and reworked	2022-06-10 13:16:40 +02:00
$frack113$ frack113	53651cdd2f	Add Bits-Client rules	2022-03-03 06:27:00 +01:00

22 Commits