security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,577 Commits 1 Branch 57 Tags
98471bc53c19081ae240711f0ffe9a0442b88fc0
Commit Graph

2577 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kevin Dienst 98471bc53c Update proxy_raw_paste_service_access.yml 
Add another paste provider website, ghostbin.co to the list. Note that saved pastes generate pseudo random 5 character strings before being suffixed with `/raw` at the end of the URL. e.g. `https://ghostbin.co/paste/y4e9a/raw`

Thus, I've added a regex match between /paste and /raw. I'm unsure if this is supported, I skimmed the Sigma specification wiki but didn't see anything other than that contains adds '*' to end and beginning of each selection. If this regex isn't going to work then I'd imagine we just have to remove the `.+/raw/` from the URI.
 2020-02-03 07:29:42 -06:00
Florian Roth 016d726d4e fix: bug in formatting 2020-02-02 11:31:39 +01:00
Florian Roth dcc7d03c37 docs: better description 2020-02-02 11:31:22 +01:00
Florian Roth 296cf6aa08 fix: fixed examples and added a new one 2020-02-02 09:27:56 +01:00
Florian Roth 68b34467a8 Merge pull request #608 from yt0ng/development 
additional execution observed
 2020-02-02 08:37:59 +01:00
Neis Markus 0d7f55948c additional execution observed 2020-02-02 08:07:00 +01:00
Florian Roth aa8a0f5e1f Merge pull request #606 from Neo23x0/devel 
refactor: moved rues from 'apt' folder in respective folders
 2020-02-01 18:25:19 +01:00
Florian Roth 03ecb3b8dc refactor: moved rues from 'apt' folder in respective folders 2020-02-01 17:59:26 +01:00
Florian Roth 6ea861da53 Merge pull request #605 from Neo23x0/devel 
Winnti rule and helpful message in test script
 2020-02-01 15:51:16 +01:00
Florian Roth a752e6c95f rule: winnti group campaign against HK universities 2020-02-01 15:43:30 +01:00
Florian Roth 9876623710 doc: helpful link in error message 2020-02-01 15:43:11 +01:00
Florian Roth 5b157efd7e Merge pull request #340 from virtuallaik/master 
Create powershell_nishang_malicious_commandlets.yml + edits
 2020-01-31 15:37:59 +01:00
Florian Roth 7a222920df added 'date' 2020-01-31 15:27:30 +01:00
Florian Roth 913c839780 added 'id' 2020-01-31 15:26:43 +01:00
Florian Roth 848e0c90e4 Merge branch 'master' into master 2020-01-31 14:45:29 +01:00
Florian Roth aba4f37517 Merge pull request #366 from dvas0004/patch-1 
Update win_alert_ad_user_backdoors.yml
 2020-01-31 14:41:50 +01:00
Florian Roth 1213712978 Merge branch 'master' into patch-1 2020-01-31 14:32:27 +01:00
Florian Roth afecca3c13 Merge pull request #511 from 4A616D6573/patch-3 
Created win_susp_local_anon_logon_created.yml
 2020-01-31 14:30:54 +01:00
Florian Roth 70034bd793 Merge pull request #388 from yt0ng/Renamed_Files 
Renamed Jusched
 2020-01-31 14:18:28 +01:00
Florian Roth 8c4aadb423 Merge branch 'master' into Renamed_Files 2020-01-31 08:49:10 +01:00
Florian Roth 190afcac88 Missing ID, wrong tag 2020-01-31 07:32:28 +01:00
Florian Roth e3d61d5579 Missing ID 2020-01-31 07:31:56 +01:00
Florian Roth 033ab26d5e Added date 2020-01-31 07:21:02 +01:00
Florian Roth 82cae6d63c Merge pull request #604 from Neo23x0/devel 
New tests, colorized test output and rule cleanup
 2020-01-31 07:07:13 +01:00
Florian Roth ae2c186872 rule: wsreset.exe UAC bypass 2020-01-30 18:05:47 +01:00
Florian Roth 1735614747 feat: rule title tests 2020-01-30 17:26:21 +01:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth 43af93a678 feat: detect missing date 2020-01-30 16:08:34 +01:00
Florian Roth 14e7b17eb9 feat: detect missing id 2020-01-30 16:08:24 +01:00
Florian Roth 93e1299010 style: PEP8 in test_rules.py 2020-01-30 16:08:10 +01:00
Florian Roth e79e99c4aa fix: fixed missing date fields in remaining files 2020-01-30 16:07:37 +01:00
Thomas Patzke 4fa0ae7259 Merge branch 'ruleid' 2020-01-30 16:03:10 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
Florian Roth 617ece1aa2 fix: fixed missing date fields in proxy rules 2020-01-30 15:20:52 +01:00
Florian Roth 4ad71c44bc chore: moved network device rules to the 'network' folder 2020-01-30 14:30:26 +01:00
Florian Roth 5130072b04 Merge pull request #529 from c2defense/master 
Network Device Analytics
 2020-01-30 14:28:44 +01:00
Florian Roth 30d872f98f Merge pull request #492 from booberry46/master 
Bypass Windows Defender
 2020-01-30 14:27:30 +01:00
Thomas Patzke 7b4ec734a8 Using rule ids as Kibana object id 2020-01-30 11:30:01 +01:00
Florian Roth 598b750f48 Minor change 2020-01-30 10:31:16 +01:00
Florian Roth 8cef4b2941 fix: missing id 2020-01-30 10:14:18 +01:00
Florian Roth bf81ff90a8 fix: using a specific field 2020-01-30 10:13:33 +01:00
Florian Roth 0207eeece4 fix: hyphen 2020-01-30 10:10:03 +01:00
Florian Roth 2f1890b5e8 Update win_rdp_reverse_tunnel.yml 2020-01-30 10:09:41 +01:00
Florian Roth 8ec0060938 fix: fixing bug 2020-01-30 10:09:22 +01:00
Florian Roth 6ca100cabf reverted changes 2020-01-30 10:08:25 +01:00
Florian Roth 0a4d32c7c7 fix: fixing issues 2020-01-30 10:07:24 +01:00
Florian Roth 9828d7f81d re-added old reference 2020-01-30 10:03:09 +01:00
Florian Roth d90ea6d267 improved rule 2020-01-30 09:58:32 +01:00
Florian Roth f8e022a709 Fixed indentation 2020-01-30 09:54:41 +01:00
Florian Roth d2122b6b83 Merge pull request #594 from sreemanshanker/master 
Sigma rule to Monitor for writing of malicious files to system32 and syswow64 folders
 2020-01-30 09:14:58 +01:00