security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,410 Commits 1 Branch 57 Tags
a0bad54dbda170d5369f54ccede5f11f999da4de
Commit Graph

2410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth c1647ca4b7 Merge branch 'master' into devel 2019-12-06 13:38:29 +01:00
Florian Roth e91a79e707 Merge pull request #550 from refractionPOINT/lc-proxy-support 
LimaCharlie basic support for Proxy rule category.
 2019-12-06 08:20:14 +01:00
Florian Roth 6359223390 Merge pull request #551 from axi0m/patch-1 
Add hastebin raw URI to contains selection
 2019-12-06 08:19:44 +01:00
Kevin Dienst 865251238f Add hastebin raw URI to contains selection 2019-12-05 14:16:20 -06:00
Maxime Lamothe-Brassard 27bb07b74e Adding support for basic proxy rules using the HTTP_REQUEST events from the Chrome LC Agent. 2019-12-05 09:35:09 -08:00
Florian Roth ab2dd094a5 fix: fixed broken link in elise rule 2019-12-05 09:56:20 +01:00
Florian Roth 8e107f43a2 rule: raw paste service access 2019-12-05 08:54:49 +01:00
Thomas Patzke ad7d5d2a39 Added WMI login rule 2019-12-04 11:13:04 +01:00
Thomas Patzke e8c1c97f3e Added rule for failed code integrity checks 2019-12-03 15:08:26 +01:00
Thomas Patzke c47af5169c Increased SID history rule severity 2019-12-03 14:28:46 +01:00
Thomas Patzke 76578927e8 Added domain trust rule 2019-12-03 14:28:20 +01:00
Florian Roth c8e29da7ec fix: simplified rule with RE 2019-12-03 11:24:06 +01:00
Florian Roth fc09533f56 style: fixed title 2019-12-03 11:24:06 +01:00
Thomas Patzke 98be3ce069 Fixed changelog (missing title) 2019-11-30 00:34:17 +01:00
webhead404 21ef152e3a Update win_external_device.yml 2019-11-20 16:19:45 -06:00
webhead404 2bfd4ea654 Added MITRE tags 2019-11-20 16:18:03 -06:00
webhead404 b96ad8ccd7 Merge pull request #2 from webhead404/webhead404-contrib 
Create win_external_device
 2019-11-20 16:09:15 -06:00
webhead404 5c5d28acdc Create win_external_device 2019-11-20 16:07:29 -06:00
Florian Roth 39293d5f2b rule: another reference for CVE-2019-1388 rule 2019-11-20 15:09:30 +01:00
Florian Roth 00a26dff16 Merge pull request #536 from Neo23x0/devel 
Changes to CVE-2019-1388 rule
 2019-11-20 09:27:56 +01:00
Florian Roth f9e6a929ba rule: made it more specific - command line must contain URL 2019-11-20 09:23:04 +01:00
Florian Roth 55e66b1843 rule: added status 2019-11-20 09:21:42 +01:00
Florian Roth 0b9cd47c1e Merge pull request #535 from Neo23x0/devel 
Rule to detect CVE-2019-1388
 2019-11-20 09:19:52 +01:00
Florian Roth 4022e3251b rule: changed title 2019-11-20 09:16:00 +01:00
Florian Roth 158f6b3065 rule: exploitation of CVE-2019-1388 2019-11-20 09:12:02 +01:00
Florian Roth a6d069c6d2 Merge branch 'master' into devel 2019-11-19 15:59:22 +01:00
Florian Roth 98aa4d4ecb fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
Maxime Lamothe-Brassard 61bcc46394 Prettier formatting of YAML. 2019-11-18 14:50:41 -05:00
Florian Roth 0dd583510a Merge pull request #534 from Neo23x0/devel 
rules and fixes
 2019-11-18 16:01:26 +01:00
Florian Roth 2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Florian Roth 93f890b31d rule: renamed procdump 2019-11-18 15:27:04 +01:00
Florian Roth da05c9bb82 fix: line break in description 2019-11-18 15:26:55 +01:00
Florian Roth 2c54d1afe4 rule: removed Zebrocy rule because it doesn't work that way 
reason: command line gets split up at the '&' character, which results in two command lines
 2019-11-18 11:42:38 +01:00
Maxime Lamothe-Brassard 9eed57ee1d Adding the "falsepositives" field to the LC metadata. 2019-11-15 08:30:41 -05:00
Florian Roth 396c506794 Merge pull request #532 from Neo23x0/devel 
rule: RottenPotato attack pattern
 2019-11-15 12:01:42 +01:00
Florian Roth 04288771a1 fix: bugfix in RottenPotato rule - wrong identifier 2019-11-15 11:50:03 +01:00
Florian Roth 7e6031705e rule: RottenPotato attack pattern 2019-11-15 11:44:18 +01:00
Florian Roth c99ab28834 Merge pull request #531 from Neo23x0/devel 
Devel
 2019-11-15 00:34:38 +01:00
Florian Roth ff3ed04405 rule: Exploiting SetupComplete.cmd CVE-2019-1378 2019-11-15 00:26:18 +01:00
Florian Roth 2cf6e16024 fix: missing new MITRE tactics category in tests 2019-11-14 23:31:38 +01:00
Bart a5b4b276d4 Add scriptlets 
Adds .sct and .vbe.
 2019-11-14 22:26:22 +01:00
Anastasios Zouzias 3c7f522017 add .keyword on aggs; add extra unit test 2019-11-14 14:34:50 +01:00
Florian Roth e8bfc28284 Merge branch 'devel' 2019-11-14 10:16:56 +01:00
Florian Roth 2b7699cc15 fix: fixed broken condition 2019-11-14 10:15:18 +01:00
Florian Roth 2e452d4035 Merge pull request #528 from Neo23x0/devel 
Rule: suspicious msiexec directory
 2019-11-14 10:00:12 +01:00
Florian Roth 95a8563606 Rule: suspicious msiexec directory 2019-11-14 09:51:55 +01:00
Thomas Patzke cf22e9e576 Added hint on failed UUID check 2019-11-12 23:37:28 +01:00
Thomas Patzke 8d8530be2a Added UUID check to CI tests 2019-11-12 23:15:30 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00