security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,697 Commits 1 Branch 57 Tags
a5fcba83cb4469fc84f44b80b1dbddd550ba6776
Commit Graph

12198 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a5fcba83cb Update proc_creation_win_susp_service_tamper.yml 2023-08-07 11:47:07 +02:00
RenaudFrere edf3e3f3a2 Update proc_creation_win_susp_service_tamper.yml 2023-08-04 16:31:00 +02:00
RenaudFrere 7f6c1d4952 Fixing 1 service typo in proc_creation_win_susp_service_tamper.yml 2023-08-04 16:14:33 +02:00
Nasreddine Bencherchali 4735f5bb62 Merge pull request #4366 from nasbench/new-rules-august-23 
feat: new rules and updates
 2023-08-04 13:25:46 +02:00
Nasreddine Bencherchali 134c3ff3aa Update rules/windows/process_creation/proc_creation_win_csc_susp_parent.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:30:44 +02:00
Nasreddine Bencherchali db8e3d2661 Update rules/windows/registry/registry_set/registry_set_persistence_shim_database_susp_application.yml 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-08-04 11:12:18 +02:00
phantinuss bca13a3612 fix: wording 2023-08-04 10:44:46 +02:00
Nasreddine Bencherchali 73a8284411 Merge pull request #4371 from faisalusuf/new_rules 2023-08-04 10:31:20 +02:00
Nasreddine Bencherchali 1e0fb02ef7 Update proc_creation_lnx_ssm_agent_abuse.yml 2023-08-04 00:09:48 +02:00
Nasreddine Bencherchali 30933109cd feat: more updates 2023-08-03 18:50:16 +02:00
z00t d854c66616 Title has been update to avoid duplication. 2023-08-03 19:38:29 +05:00
phantinuss 8837bb770b fix: FP with perfmon.exe 2023-08-03 15:55:11 +02:00
z00t 5c0f48ae55 New rule created for Linux OS. 2023-08-03 18:35:12 +05:00
z00t de4e50ff01 feat: add new rule related to "Amazon SSM Agent" potential abuse (#4369) 2023-08-03 11:42:50 +02:00
Nasreddine Bencherchali b9beedee76 feat: update csc rules 2023-08-02 13:16:10 +02:00
Nasreddine Bencherchali 381b135ba7 feat: update shim rules 2023-08-01 23:13:18 +02:00
Nasreddine Bencherchali e69daf27a1 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-31 12:28:34 +02:00
Nasreddine Bencherchali 2e45a9ca73 Update win_security_susp_lsass_dump_generic.yml 2023-07-31 10:17:20 +02:00
Nasreddine Bencherchali 8dca7aa1ba feat: more updates 2023-07-28 14:32:57 +02:00
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali d79fdf6f51 Merge pull request #4355 from nasbench/new-rules-13-07-23 
feat: new rules and updates
 2023-07-24 14:58:49 +02:00
Nasreddine Bencherchali e1d07780b3 fix: fp 2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 57a4dadd15 Merge pull request #4358 from frack113/redcannary_T1547_015 2023-07-24 12:13:34 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali 6794bb0e27 Update file_event_win_susp_windows_terminal_profile.yml 2023-07-24 10:37:56 +02:00
frack113 c46546a017 Add file_event_win_susp_windows_terminal_profile 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-22 10:07:45 +02:00
Nasreddine Bencherchali 1e02a7db4c Apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-07-20 15:47:14 +02:00
Nasreddine Bencherchali db9214e8d2 fix: typos 2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali e6003c19cd Apply suggestions from code review 2023-07-20 14:08:49 +02:00
Nasreddine Bencherchali 1ed5629eb2 feat: update filter 2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali 73f44e61d1 feat: add more rules 2023-07-20 13:47:30 +02:00
frack113 03ec08f933 Add Sysmon 28-29 rules 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-07-20 12:38:11 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
Florian Roth 764963c2c7 refactor: increased level 2023-07-18 14:09:12 +02:00
Josh f083be8458 Fixed typo in comment 
DragonOK and not dargonOK :)
 2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali 7ca5639d1d Merge pull request #4346 from X-Junior/CVE-2023-36884-rules 
feat: new rules related to CVE-2023-36884
 2023-07-17 14:31:33 +02:00
phantinuss b99089e252 fix: typo 2023-07-17 13:57:27 +02:00
Nasreddine Bencherchali 2c3d19f335 Merge pull request #4293 from danielbohannon/patch-1 2023-07-17 12:19:05 +02:00
Nasreddine Bencherchali 8726f310e7 chore: update metadata 2023-07-13 23:30:16 +02:00
Mohamed Ashraf (X__Junior) c10a6c9870 Create net_connection_win_office.yml 2023-07-13 19:23:38 +03:00
Nasreddine Bencherchali 08e0a297f3 feat: new rules and updates 2023-07-13 17:31:13 +02:00
Mohamed Ashraf (X__Junior) 81440fe0ea CVE-2023-36884 rules 2023-07-13 18:27:12 +03:00