security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,671 Commits 1 Branch 57 Tags
9a73c33554bc8fead90c79804c14f661c814bf27
Commit Graph

380 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
Nasreddine Bencherchali 08e0a297f3 feat: new rules and updates 2023-07-13 17:31:13 +02:00
Nasreddine Bencherchali ccec820a01 feat: new rules & updates (#4328) 2023-07-13 10:01:05 +02:00
frack113 101fe1a355 Update posh_ps_get_adcomputer 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-08 18:02:06 +02:00
Ryan Plas cda0fbff62 fix:F multiple 404 links in references (#4332) 2023-06-26 10:10:04 +01:00
phantinuss 6c4408ddff chore: fix typo of lowercase Windows in description 2023-06-21 09:52:43 +02:00
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master 
feat: extended coverage of existing defender tampering rules
 2023-06-05 13:26:03 +02:00
Nasreddine Bencherchali 899c2ff23a chore: update defender rules 2023-06-05 11:50:43 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate 
update "Suspicious Export-PfxCertificate" rule
 2023-05-19 09:19:10 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Yamato Security 4f36d69eb2 update Suspicious Export-PfxCertificate rule 2023-05-15 12:00:55 +09:00
Swachchhanda Shrawan Poudel d56c9d9006 Extended the coverage of existing defender tampering related rules 2023-05-10 21:23:47 +05:45
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-09 16:04:24 +02:00
Nasreddine Bencherchali bd0a9e2bae fix: missing modifier 2023-05-05 12:34:29 +02:00
Nasreddine Bencherchali 6f659d1c1a fix: fp found in testing 2023-05-05 12:24:54 +02:00
Nasreddine Bencherchali 24ed6be065 feat: updates and new rules related to fin7 2023-05-05 01:26:06 +02:00
phantinuss 6a88ece238 fix: adapt level to high 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-04-27 16:59:35 +02:00
phantinuss cf585abe51 feat: new rule for Rubeus in pwsh scriptblock log 2023-04-27 16:39:17 +02:00
phantinuss d82d387071 Merge pull request #4189 from tuanhxh1/tuan.le.ncs 
Update Script Block Text When Run Phant0m Script
 2023-04-21 11:42:55 +02:00
Nasreddine Bencherchali 95edf4c9d6 Merge pull request #4177 from pH-T/master 
feat: new hktl related rules and pwsh cmdlet updates
 2023-04-21 11:24:57 +02:00
Nasreddine Bencherchali ba63f4a222 fix: reduce level and update title 2023-04-21 11:21:13 +02:00
Nasreddine Bencherchali aa22c02039 chore: order list 2023-04-21 11:14:55 +02:00
tuan 26583da2ea Update Script Block Text When Run Phant0m Script 2023-04-21 15:41:27 +07:00
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
Paul Hager 0420e9c3bb feat: various new hktl rules 2023-04-17 12:08:30 +02:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
phantinuss 85423f784c fix: condition filtering on all filters 2023-03-24 10:59:01 +01:00
phantinuss aa1ab49773 fix: FPs found in testing environment 2023-03-24 10:41:21 +01:00
Nasreddine Bencherchali 1378cf6d75 feat: update cmd based rules 2023-03-07 14:13:57 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
phantinuss ecc41ad20b fix: FP with chocolatey 2023-02-21 16:38:05 +01:00
Wagga 273fdb9985 fix: typos in multiple rules (#4011) 2023-02-06 13:53:23 +01:00
Florian Roth 205f6a4de7 fix: FP with Get-ADObject 2023-02-06 13:26:37 +01:00
Nasreddine Bencherchali c68531e688 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-02 10:52:04 +01:00
Nasreddine Bencherchali d08acc18ae fix: add missing modified field 2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali beebafe9ce fix: special case 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-01 13:22:11 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Nasreddine Bencherchali 3e24998fe1 feat: add add-appxpackage cmdlet rules 2023-01-31 22:11:32 +01:00
Nasreddine Bencherchali e6c155442f feat: multiple updates and enhancements 2023-01-30 20:02:45 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 85c5f21818 feat: more updates, renames and fixes 2023-01-27 00:30:16 +01:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00