security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,697 Commits 1 Branch 57 Tags
a5fcba83cb4469fc84f44b80b1dbddd550ba6776
Commit Graph

15697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nasreddine Bencherchali a5fcba83cb Update proc_creation_win_susp_service_tamper.yml 2023-08-07 11:47:07 +02:00
RenaudFrere edf3e3f3a2 Update proc_creation_win_susp_service_tamper.yml 2023-08-04 16:31:00 +02:00
RenaudFrere 7f6c1d4952 Fixing 1 service typo in proc_creation_win_susp_service_tamper.yml 2023-08-04 16:14:33 +02:00
Nasreddine Bencherchali 4735f5bb62 Merge pull request #4366 from nasbench/new-rules-august-23 
feat: new rules and updates
 2023-08-04 13:25:46 +02:00
Nasreddine Bencherchali 134c3ff3aa Update rules/windows/process_creation/proc_creation_win_csc_susp_parent.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:30:44 +02:00
Nasreddine Bencherchali db8e3d2661 Update rules/windows/registry/registry_set/registry_set_persistence_shim_database_susp_application.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:12:18 +02:00
phantinuss bca13a3612 fix: wording 2023-08-04 10:44:46 +02:00
Nasreddine Bencherchali 73a8284411 Merge pull request #4371 from faisalusuf/new_rules 2023-08-04 10:31:20 +02:00
Nasreddine Bencherchali 1e0fb02ef7 Update proc_creation_lnx_ssm_agent_abuse.yml 2023-08-04 00:09:48 +02:00
Nasreddine Bencherchali 722f8329e8 Merge pull request #4372 from phantinuss/master 
fix: FP with perfmon.exe
 2023-08-04 00:06:56 +02:00
Nasreddine Bencherchali 30933109cd feat: more updates 2023-08-03 18:50:16 +02:00
z00t d854c66616 Title has been update to avoid duplication. 2023-08-03 19:38:29 +05:00
phantinuss 8837bb770b fix: FP with perfmon.exe 2023-08-03 15:55:11 +02:00
z00t 5c0f48ae55 New rule created for Linux OS. 2023-08-03 18:35:12 +05:00
z00t de4e50ff01 feat: add new rule related to "Amazon SSM Agent" potential abuse (#4369) 2023-08-03 11:42:50 +02:00
Nasreddine Bencherchali b9beedee76 feat: update csc rules 2023-08-02 13:16:10 +02:00
Nasreddine Bencherchali 381b135ba7 feat: update shim rules 2023-08-01 23:13:18 +02:00
Nasreddine Bencherchali a08e1b9d45 Merge pull request #4364 from nasbench/new-rules-13-07-23 
feat: new rules and updates
 2023-07-31 14:16:51 +02:00
Nasreddine Bencherchali 47f1936465 Update rules-emerging-threats/2023/Exploits/CVE-2023-27997/web_cve_2023_27997_pre_authentication_rce.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-31 12:32:02 +02:00
Nasreddine Bencherchali dae7fff209 Update rules-threat-hunting/windows/powershell/powershell_script/posh_ps_win_api_library_access.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-31 12:29:16 +02:00
Nasreddine Bencherchali e69daf27a1 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-31 12:28:34 +02:00
Nasreddine Bencherchali 1c1aa09d4b Update known-FPs.csv 2023-07-31 10:20:15 +02:00
Nasreddine Bencherchali 2e45a9ca73 Update win_security_susp_lsass_dump_generic.yml 2023-07-31 10:17:20 +02:00
Nasreddine Bencherchali 8dca7aa1ba feat: more updates 2023-07-28 14:32:57 +02:00
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali 0bd067ce9b Merge pull request #4361 from SigmaHQ/dependabot/pip/certifi-2023.7.22 
chore(deps): bump certifi from 2023.5.7 to 2023.7.22
 2023-07-26 14:04:48 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
dependabot[bot] de78a57e2d chore(deps): bump certifi from 2023.5.7 to 2023.7.22 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-25 23:15:56 +00:00
phantinuss 202b79e8f8 Merge pull request #4360 from phantinuss/master 
fix: FPs in rules
 2023-07-25 10:26:45 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali d79fdf6f51 Merge pull request #4355 from nasbench/new-rules-13-07-23 
feat: new rules and updates
 2023-07-24 14:58:49 +02:00
Nasreddine Bencherchali 366aefca83 Merge pull request #4357 from frack113/quic 2023-07-24 14:58:27 +02:00
Nasreddine Bencherchali e1d07780b3 fix: fp 2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 57a4dadd15 Merge pull request #4358 from frack113/redcannary_T1547_015 2023-07-24 12:13:34 +02:00
phantinuss 8be60ad99a fix: typo 2023-07-24 11:59:53 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali 1825c6f544 Rename posh_ps_netshare_quic.yml to posh_ps_new_smbmapping_quic.yml 2023-07-24 10:59:49 +02:00
Nasreddine Bencherchali f26a5256a1 Apply suggestions from code review 2023-07-24 10:59:09 +02:00
Nasreddine Bencherchali 6794bb0e27 Update file_event_win_susp_windows_terminal_profile.yml 2023-07-24 10:37:56 +02:00
Nasreddine Bencherchali a845b93d6a Apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-24 10:22:11 +02:00
frack113 c46546a017 Add file_event_win_susp_windows_terminal_profile 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-22 10:07:45 +02:00
frack113 8d28609c04 Merge pull request #4354 from frack113/sysmon_event 
Add Sysmon 28-29 rules
 2023-07-21 18:35:44 +02:00
frack113 85ccd302b4 Add smb quic rules 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-21 18:35:04 +02:00
dependabot[bot] e470026c0a chore(deps-dev): bump aiohttp from 3.8.4 to 3.8.5 (#4356) 
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.4 to 3.8.5.
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst)
- [Commits](https://github.com/aio-libs/aiohttp/compare/v3.8.4...v3.8.5)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-21 11:40:23 +02:00
Nasreddine Bencherchali 1e02a7db4c Apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-20 15:47:14 +02:00