security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13,536 Commits 1 Branch 57 Tags
a67ab607a18787f94a3de0f8e3379745fa0c1928
Commit Graph

4002 Commits

Author SHA1 Message Date
Florian Roth d8704daf79 fix: change modified date 2022-11-14 17:21:08 +01:00
Florian Roth d43517078b fix: modifier 2022-11-14 17:08:08 +01:00
Florian Roth 0fb1295157 fix: FPs noticed with Aurora 2022-11-13 20:26:03 +01:00
Florian Roth 91acad69a8 fix: field value 2022-11-12 09:39:25 +01:00
Florian Roth b0d47b303e Merge branch 'master' into aurora-false-positive-fixing 2022-11-12 08:34:48 +01:00
Florian Roth f94f0727c4 fix: FPs noticed with Aurora and VStudio 2022-11-12 08:33:04 +01:00
Florian Roth 99b865b603 Merge pull request #3690 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-11 18:41:58 +01:00
Nasreddine Bencherchali 953b4f3676 fix: add powershell move-item 2022-11-11 10:05:55 +01:00
Nasreddine Bencherchali 04b7b92b64 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-11-11 10:03:24 +01:00
securepeacock 1cb5febbf3 Update proc_creation_win_lolbin_scriptrunner.yml 
Proxy typo fix.
 2022-11-10 13:26:03 -05:00
Nasreddine Bencherchali 6d8a4571cd fix: add missing - in selection 2022-11-10 18:29:15 +01:00
Nasreddine Bencherchali ddf7f1b345 fix: fix duplicates in id field 2022-11-10 17:25:55 +01:00
Nasreddine Bencherchali 14d13ef9ac fix: rename ftp.exe rule to lolbin rule 2022-11-10 17:06:28 +01:00
Nasreddine Bencherchali c102b26bcf feat: new sftp lolbin rule 2022-11-10 17:05:18 +01:00
Nasreddine Bencherchali ee5a8733dd fix: update ftp.exe rules 2022-11-10 17:05:05 +01:00
Nasreddine Bencherchali cd871bbc04 fix: update rules with more cases 2022-11-10 17:04:52 +01:00
Nasreddine Bencherchali a2fc57fa52 fix: update rule to move takeown 2022-11-10 17:04:02 +01:00
Nasreddine Bencherchali fb957e2897 fix: add missing quotes and OriginalFileName field 2022-11-10 17:03:31 +01:00
Nasreddine Bencherchali 649bbc86ec fix: renamed and updated the "sc query" rule 2022-11-10 17:03:01 +01:00
Nasreddine Bencherchali c9e755acbf fix: add missing quotes and additional metadata 2022-11-10 17:02:29 +01:00
Florian Roth 99d8c96ccd Merge pull request #3688 from SigmaHQ/rule-devel 
rule: vuln Lenovo driver load, fix: Dell driver load condition, rule: Sysmon parent proc
 2022-11-10 16:34:21 +01:00
Florian Roth 3278292559 fix: FPs 2022-11-10 15:01:09 +01:00
Florian Roth 254766170f docs: update description and tags 2022-11-10 14:57:26 +01:00
Florian Roth 19fbbf8265 rule: Sysmon as parent 2022-11-10 14:52:31 +01:00
phantinuss 4e60b8abf0 Merge pull request #3686 from qasimqlf/patch-11 
Minor Fix
 2022-11-10 11:54:23 +01:00
Qasim Qlf 097e673df8 Minor Fix 2022-11-10 12:41:43 +05:00
Qasim Qlf 52daec4489 Minor Fix 2022-11-10 12:40:13 +05:00
Florian Roth 9e68c45df0 Merge pull request #3684 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-09 20:04:15 +01:00
Florian Roth 2f4eed2fe4 no need to update the modified date here 2022-11-09 18:33:13 +01:00
phantinuss 9136963672 fix: filter empty ParentImage which might happen as a race condition on startup 2022-11-09 16:45:00 +01:00
Nasreddine Bencherchali 39d66b4e94 Merge branch 'master' into nasbench-rule-devel 2022-11-09 16:14:38 +01:00
Nasreddine Bencherchali 5a70e402b3 Update rules 2022-11-09 16:13:17 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel 
rule: KDC RC4-HMAC downgrade CVE-2022-37966
 2022-11-09 10:19:04 +01:00
Florian Roth c9fe367eae rule: amsi bypass 2022-11-09 09:44:31 +01:00
Ilya_Krestinichev ffb726b6df Create proc_creation_win_susp_ping_del.yml (#3671) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-09 09:42:33 +01:00
Nasreddine Bencherchali f7c1d9fe9d Update proc_creation_win_weak_or_abused_passwords.yml 2022-11-08 14:52:42 +01:00
Nasreddine Bencherchali 33bd200a89 Fix FP 2022-11-08 12:32:44 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
Florian Roth 7a36b5b0b0 Merge pull request #3680 from SigmaHQ/aurora-false-positive-fixing 
fix: dysfunctional rules
 2022-11-07 19:29:16 +01:00
Florian Roth 0d86ec83b5 fix: calc rule logic 2022-11-07 15:31:38 +01:00
Florian Roth 74834a6db0 fix: FPs with mshta execution 2022-11-07 15:22:21 +01:00
Nasreddine Bencherchali fc8eeb7b1e Fix FP 2022-11-07 12:11:30 +01:00
Nasreddine Bencherchali 841b311dd0 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-07 11:57:18 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00
Florian Roth be9bda1d54 Merge pull request #3673 from SigmaHQ/rule-devel 
fix: Adfind rule, rework: Racoon stealer UA, rule: ngrok tunneling
 2022-11-04 17:55:21 +01:00
Nasreddine Bencherchali 753772a177 Rename+Metadata Update 2022-11-04 11:59:11 +01:00
Nasreddine Bencherchali 117d400c49 Deprecate 82a19e3a-2bfe-4a91-8c0d-5d4c98fbb719 2022-11-03 13:42:45 +01:00
Nasreddine Bencherchali d86c05643b Deprecate dca91cfd-d7ab-4c66-8da7-ee57d487b35b 2022-11-03 13:41:40 +01:00
Nasreddine Bencherchali 3b4f41d588 Update proc_creation_win_susp_run_folder.yml 2022-11-03 11:16:03 +01:00