security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,305 Commits 1 Branch 57 Tags
9f2ab4e0475f4e77a6595c2640be9bb3e6e6ee6f
Commit Graph

3459 Commits

Author SHA1 Message Date
Florian Roth f154f7a091 Merge branch 'master' into aurora-false-positive-fixing 2022-08-17 09:20:22 +02:00
phantinuss bc2188c72b Merge pull request #3375 from nasbench/nasbench-rule-devel 
Rule Dev [New Rules+Updates]
 2022-08-16 16:46:27 +02:00
frack113 eded7e479d Merge pull request #3374 from frack113/netsh 
Netsh Delete
 2022-08-15 11:53:27 +02:00
Florian Roth 643f77aaff Update proc_creation_win_netsh_fw_delete.yml 2022-08-15 11:38:50 +02:00
Nasreddine Bencherchali e092872e87 Update proc_creation_win_susp_mshtml_runhtmlapplication.yml 2022-08-15 00:26:15 +01:00
Nasreddine Bencherchali 8869bc6cff New rules 2022-08-15 00:22:16 +01:00
Nasreddine Bencherchali 6798d69d00 Update 2022-08-15 00:22:08 +01:00
frack113 bd3502148f Filter dropbax 2022-08-14 20:22:25 +02:00
frack113 db137c4855 Add proc_creation_win_netsh_fw_delete 2022-08-14 19:16:58 +02:00
frack113 6749532ae5 Update ref 2022-08-13 13:31:52 +02:00
frack113 0f760a6822 Fix ? char 2022-08-13 13:02:33 +02:00
frack113 c8ab532955 Search ? char 2022-08-13 12:11:32 +02:00
frack113 fecd7e2fbd Update backslash 2022-08-13 11:56:57 +02:00
frack113 3426dfb6e9 Update backslash 2022-08-13 09:59:31 +02:00
frack113 7bebb9929b Merge pull request #3370 from redsand/fp_missing_contains_all 
False positive fix, needs to match ALL of selectioN_delete, not 1 of …
 2022-08-13 07:47:34 +02:00
Nasreddine Bencherchali 0cca5208e9 Create proc_creation_win_wab_unusual_parents.yml 2022-08-12 17:18:44 +01:00
Nasreddine Bencherchali 3fffd6a8f3 Create proc_creation_win_wab_execution_from_non_default_location.yml 2022-08-12 17:12:35 +01:00
Tim Shelton fa522f68c9 False positive fix, needs to match ALL of selectioN_delete, not 1 of them 2022-08-12 15:29:49 +00:00
Nasreddine Bencherchali 4a0c1b41f2 Update proc_creation_win_renamed_procdump.yml 2022-08-12 16:04:38 +01:00
Nasreddine Bencherchali 8477c4976b Update proc_creation_win_renamed_procdump.yml 2022-08-12 16:02:54 +01:00
Nasreddine Bencherchali cf2a817801 New Rules 2022-08-12 13:44:16 +01:00
Nasreddine Bencherchali e4e24a00a7 Update procdump rules 2022-08-12 13:44:03 +01:00
Nasreddine Bencherchali b1e0668ae3 Update adfind rules 2022-08-12 13:43:36 +01:00
Nasreddine Bencherchali 0214a0632a Fix FP 2022-08-12 11:47:15 +01:00
Florian Roth b199e50898 Merge pull request #3358 from frack113/fix_3351 
Fix condition
 2022-08-11 18:24:43 +02:00
Martin 41d79d4d1b Update proc_creation_win_vul_java_remote_debugging.yml 
simplified rule
 2022-08-11 13:29:15 +02:00
Martin 8da1502e5d Update proc_creation_win_vul_java_remote_debugging.yml 
For Java Running with Remote Debugging, add filtering to vulnerable jvm versions. Later jvm versions limit remote debugging access to localhost by default.
 2022-08-11 13:20:40 +02:00
frack113 80df54d092 Fix condition 2022-08-11 06:59:01 +02:00
frack113 1a57509e85 Merge pull request #3346 from nasbench/nasbench-rule-devel 
Updates + New Rules
 2022-08-11 06:26:57 +02:00
frack113 634397e855 Merge pull request #3353 from nasbench/tune-fp-short-path-rules 
Fix FP - Short Path Rules
 2022-08-11 06:26:41 +02:00
Nasreddine Bencherchali f34a60b215 Update proc_creation_win_rundll32_unc_path.yml 2022-08-10 22:08:03 +01:00
Nasreddine Bencherchali f51547fe96 Update proc_creation_win_rundll32_unc_path.yml 2022-08-10 21:15:12 +01:00
Nasreddine Bencherchali 3201b68004 Final update 2022-08-10 18:33:17 +01:00
Nasreddine Bencherchali 0f8ad22b9a Update proc_creation_win_susp_wmic_proc_create.yml 2022-08-10 17:53:09 +01:00
Nasreddine Bencherchali 021c297e96 Update title and description 2022-08-10 17:48:48 +01:00
phantinuss 5cde4a2d7e fix: FP with Avast 2022-08-10 17:28:02 +02:00
Nasreddine Bencherchali babdecc642 Update proc_creation_win_ntfs_short_name_use_image.yml 2022-08-10 15:25:10 +01:00
Nasreddine Bencherchali 14277c5b6d Fix FP 2022-08-10 15:15:49 +01:00
Florian Roth c2b415601e Merge pull request #3344 from phantinuss/master 
fix: FP found in testing
 2022-08-10 14:04:37 +02:00
phantinuss 8e63a4b2e1 fix: another Win7 i386 path 2022-08-10 13:54:19 +02:00
Nasreddine Bencherchali b5c15c5137 More additions and updates 2022-08-10 12:52:49 +01:00
frack113 d666a18615 Fix issue 3342 2022-08-10 07:52:50 +02:00
Nasreddine Bencherchali b7e5e128c7 Update proc_creation_win_disable_service.yml 2022-08-09 18:42:39 +01:00
Nasreddine Bencherchali b905df6bc7 Updates + New Rules 2022-08-09 18:35:45 +01:00
phantinuss df4b8eadbf fix: FP in testing 2022-08-09 18:34:53 +02:00
phantinuss 68a768f829 Merge pull request #3335 from nasbench/nasbench-rule-devel 
Update Ntfs Short Name rule
 2022-08-09 17:53:05 +02:00
Nasreddine Bencherchali f5d0753167 Add extensions 2022-08-09 16:05:36 +01:00
frack113 f1eba85780 Add short name path 2022-08-07 08:37:58 +02:00
Nasreddine Bencherchali be896d1013 rename rule 2022-08-06 18:43:59 +01:00
Nasreddine Bencherchali 3388b675ac Create proc_creation_win_ntfs_short_name_use_image.yml 2022-08-06 18:43:33 +01:00