security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,205 Commits 1 Branch 57 Tags
9504a5a7a70259d94b4ec4c19fafcccf76632d04
Commit Graph

15205 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
swachchhanda 9504a5a7a7 mend 
removed system_integrity
 2023-04-20 17:31:26 +05:45
swachchhanda b3f97c676d Added new rule that identifies the creation of a scheduled job by using an XML file without the extension of '.xml'. 2023-04-20 17:12:04 +05:45
phantinuss a8a8710dd6 Merge pull request #4148 from swachchhanda000/master 
Added support for another way of  execution of netsh
 2023-04-20 12:30:43 +02:00
phantinuss e640d9efe8 fix: minor 2023-04-20 12:11:22 +02:00
Nasreddine Bencherchali b127cc0efb Merge pull request #4183 from phantinuss/master 
fix: FPs from different environments
 2023-04-20 12:09:13 +02:00
swachchhanda000 6e6b570b45 Merge branch 'SigmaHQ:master' into master 2023-04-20 15:22:22 +05:45
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
phantinuss 689ef52c66 fix: remove leading whitespace 
there can be double quotes which is a common pattern when using the command flag
 2023-04-20 09:47:29 +02:00
Nasreddine Bencherchali f864692953 Merge pull request #4182 from knarph/master 
fix: typo in description
 2023-04-19 18:36:28 +02:00
Frank Iacovino 4e47720427 Correct rule description in web_apache_segfault.yml 2023-04-19 11:23:52 -04:00
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev 
feat: new rules and updates
 2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali 08e3089c64 fix: update hostname field 2023-04-19 16:16:06 +02:00
Nasreddine Bencherchali 497d856245 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-19 15:50:29 +02:00
phantinuss c6c226420d Merge pull request #4172 from angelovioletti/master 
Create proc_creation_win_rundll32_ext_drive.yml
 2023-04-19 14:45:24 +02:00
Nasreddine Bencherchali e95aaa1e5d fix: small updates 2023-04-19 12:38:38 +02:00
Nasreddine Bencherchali 15b36c6577 fix: broken selection 2023-04-18 22:52:40 +02:00
Nasreddine Bencherchali c64b907b8b fix: filter 2023-04-18 22:50:18 +02:00
Nasreddine Bencherchali 83e352c52e fix: some errors 2023-04-18 22:47:11 +02:00
Nasreddine Bencherchali 61c8364c20 feat: add rules related to rogue rdp 2023-04-18 22:13:30 +02:00
Nasreddine Bencherchali 9a2ee48ef8 feat: update multiple rules 2023-04-18 18:08:08 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Nasreddine Bencherchali 6f5c5fa9f0 Merge pull request #4179 from tjgeorgen/master 
fix: remove duplicate reference urls
 2023-04-18 17:23:41 +02:00
Tess 107629758d remove duplicate reference urls 2023-04-18 11:03:07 -04:00
Nasreddine Bencherchali 032570a080 feat: more winget updates 2023-04-18 03:35:42 +02:00
Nasreddine Bencherchali aba4213d62 fix: reduce level and gen new uuid 2023-04-17 18:46:15 +02:00
Nasreddine Bencherchali 4a921ce821 feat: add new scm error event rules 2023-04-17 18:24:23 +02:00
Nasreddine Bencherchali f2eba9d125 feat: update winget related rules 2023-04-17 18:24:01 +02:00
phantinuss b93eb83b28 Merge pull request #4176 from X-Junior/libvlc-dll-sideload-rule 
feat: new rule related to possible libvlc.dll sideloading
 2023-04-17 09:00:21 +02:00
phantinuss 6a7a0f0269 fix: typos/wording 2023-04-17 08:39:41 +02:00
Nasreddine Bencherchali 03fc33f93c fix: add space at the end 2023-04-17 02:31:02 +02:00
Mohamed Ashraf (X__Junior) 63fb8e4655 Create image_load_side_load_libvlc.yml 2023-04-17 02:27:57 +02:00
Nasreddine Bencherchali 9456f495f4 Merge pull request #4174 from nasbench/rename-folders 
chore: rename folders
 2023-04-15 20:35:18 +02:00
Nasreddine Bencherchali c4179faa54 Merge pull request #4175 from qasimqlf/patch-37 
fix: image name
 2023-04-14 18:01:52 +02:00
Qasim Qlf 52ca56335e fix: image name 2023-04-14 20:44:27 +05:00
Nasreddine Bencherchali 3cbc9afcbe fix: update modified date 2023-04-14 17:08:28 +02:00
Nasreddine Bencherchali dc9b23df35 fix: duplicate title 2023-04-14 17:08:03 +02:00
Nasreddine Bencherchali 8616635fde chore: update filter name 2023-04-14 16:59:49 +02:00
Nasreddine Bencherchali 6949ebf244 chore: rename folders 2023-04-14 16:55:41 +02:00
Florian Roth 836091e953 Merge pull request #4170 from nasbench/nash-rule-dev 
feat: rule updates
 2023-04-14 16:26:21 +02:00
Nasreddine Bencherchali fa84af599a fix: update filter 2023-04-14 12:00:22 +02:00
Nasreddine Bencherchali 1363db5ff3 fix: typos 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-04-14 11:54:04 +02:00
Nasreddine Bencherchali 5f6614b273 feat: update hh.exe related rules 2023-04-12 16:12:33 +02:00
Nasreddine Bencherchali 4ce1bf45b6 feat: update malware ua 2023-04-12 16:12:11 +02:00
Nasreddine Bencherchali bb7aabb4b4 chore: author update 2023-04-12 16:11:58 +02:00
Nasreddine Bencherchali 59a5db8eaf fix: update selection naming 2023-04-12 14:48:36 +02:00
angelovioletti 663d2c5059 Delete proc_creation_win_rundll32_ext_drive.yml 2023-04-12 14:22:24 +02:00
angelovioletti f71c1c5348 Update proc_creation_win_lolbin_not_from_c_drive.yml 2023-04-12 14:21:54 +02:00
Nasreddine Bencherchali 06352916f8 Merge pull request #4171 from frack113/FP_powershell 
Fix FP with d7326048-328b-4d5e-98af-86e84b17c765
 2023-04-12 12:22:42 +02:00
angelovioletti da519ba868 Update proc_creation_win_rundll32_ext_drive.yml 2023-04-12 09:16:48 +02:00
angelovioletti c2643de61e Add new rule proc_creation_win_rundll32_ext_drive.yml 
Rule to detect the execution of rundll32.exe processes where the current directory is an external drive, based on an analysis of BumbleBee.
 2023-04-12 09:15:05 +02:00