Commit Graph

4781 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a5fcba83cb Update proc_creation_win_susp_service_tamper.yml 2023-08-07 11:47:07 +02:00
RenaudFrere edf3e3f3a2 Update proc_creation_win_susp_service_tamper.yml 2023-08-04 16:31:00 +02:00
RenaudFrere 7f6c1d4952 Fixing 1 service typo in proc_creation_win_susp_service_tamper.yml 2023-08-04 16:14:33 +02:00
Nasreddine Bencherchali 4735f5bb62 Merge pull request #4366 from nasbench/new-rules-august-23 (feat: new rules and updates) 2023-08-04 13:25:46 +02:00
Nasreddine Bencherchali 134c3ff3aa Update rules/windows/process_creation/proc_creation_win_csc_susp_parent.yml (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-08-04 11:30:44 +02:00
phantinuss bca13a3612 fix: wording 2023-08-04 10:44:46 +02:00
Nasreddine Bencherchali 30933109cd feat: more updates 2023-08-03 18:50:16 +02:00
z00t de4e50ff01 feat: add new rule related to "Amazon SSM Agent" potential abuse (#4369) 2023-08-03 11:42:50 +02:00
Nasreddine Bencherchali b9beedee76 feat: update csc rules 2023-08-02 13:16:10 +02:00
Nasreddine Bencherchali 381b135ba7 feat: update shim rules 2023-08-01 23:13:18 +02:00
Nasreddine Bencherchali e69daf27a1 fix: apply suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-07-31 12:28:34 +02:00
Nasreddine Bencherchali 9a73c33554 fix: duplicate ids and missing selections 2023-07-27 14:58:47 +02:00
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali db9214e8d2 fix: typos 2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali 1ed5629eb2 feat: update filter 2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali 73f44e61d1 feat: add more rules 2023-07-20 13:47:30 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
Florian Roth 764963c2c7 refactor: increased level 2023-07-18 14:09:12 +02:00
Nasreddine Bencherchali 08e0a297f3 feat: new rules and updates 2023-07-13 17:31:13 +02:00
Nasreddine Bencherchali ccec820a01 feat: new rules & updates (#4328) 2023-07-13 10:01:05 +02:00
frack113 1586e30f19 Merge pull request #4343 from frack113/redcannary_t1057 (Add proc_creation_win_findstr_susp_parent) 2023-07-12 20:52:17 +02:00
frack113 c97c3bc54c Add httpd filter (Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>) 2023-07-06 20:19:03 +02:00
frack113 f9dbb1f413 Add proc_creation_win_findstr_susp_parent (Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>) 2023-07-06 19:51:47 +02:00
phantinuss 835dda9484 fix: FPs found in testing env 2023-07-05 10:37:17 +02:00
securepeacock a527ff3a1a Update proc_creation_win_nltest_recon.yml 2023-06-26 09:55:01 -04:00
Ryan Plas cda0fbff62 fix: multiple 404 links in references (#4332) 2023-06-26 10:10:04 +01:00
Nasreddine Bencherchali 96b2219686 Merge pull request #4329 from securepeacock/patch-51 (feat: add new reference to curl download rule) 2023-06-23 09:58:50 +02:00
securepeacock 01d3701982 Update proc_creation_win_pua_adfind_susp_usage.yml 2023-06-22 17:11:08 -04:00
securepeacock f8d399f054 Update proc_creation_win_curl_susp_download.yml 2023-06-22 11:53:22 -04:00
securepeacock 2b30b96f12 Update proc_creation_win_lolbin_rundll32_installscreensaver.yml 2023-06-21 13:11:09 -04:00
phantinuss 6c4408ddff chore: fix typo of lowercase Windows in description 2023-06-21 09:52:43 +02:00
phantinuss 6b2bf871c2 fix: false positives with missing Image field 2023-06-21 09:52:43 +02:00
securepeacock fcaa435517 Update proc_creation_win_renamed_binary.yml 2023-06-20 14:30:05 -04:00
Nasreddine Bencherchali 22628faaf0 feat: add rules related to Barracuda ESG exploitation 2023-06-18 22:14:57 +02:00
securepeacock 6312dd1d44 feat: update reference proc_creation_win_wmic_process_creation.yml (#4315) 2023-06-16 10:24:50 +02:00
Nasreddine Bencherchali 917e5bee68 fix: update filter name 2023-06-14 15:35:33 +02:00
frack113 9ad36c796b Fix svchost FP (Signed-off-by: frack113 <magicfrancois@gmail.com>) 2023-06-14 11:33:58 +02:00
Nasreddine Bencherchali 9c3e652693 Merge pull request #4301 from tr0mb1r/master (feat: add new rules related to ClickOnce abuse) 2023-06-13 11:29:25 +02:00
Nasreddine Bencherchali 7ecbf44bf6 feat: update clickonce rules 2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali 2b520f9415 chore: update description (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-06-12 10:15:23 +02:00
Nasreddine Bencherchali d634acec1a feat: update legit child 2023-06-12 00:23:04 +02:00
Mohamed Ashraf (X__Junior) 2b2c5c42ca Create proc_creation_win_sndvol_susp_child_processes.yml 2023-06-09 20:43:13 +03:00