Commit Graph

287 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a99b5082e1 feat: updates and enhancements 2023-01-02 14:49:45 +01:00
Nasreddine Bencherchali 261bb8758a Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-30 11:49:08 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali c6fd915619 feat: updates and enhancements 2022-12-30 00:56:40 +01:00
fukusuket 42ab7c0484 fix regex escape 2022-12-30 00:11:52 +09:00
frack113 b3ec85b25b Merge pull request #3826 from nasbench/fix-old-sigma-link
fix: rename links from old repo to SigmaHQ
2022-12-28 11:11:04 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 0392f92a0d PowerShell Token Obfuscation (#3825)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 20:03:05 +01:00
frack113 8a6f66b120 Rules for Issue 575 (#3820)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 15:17:45 +01:00
frack113 7060db3d47 Promotion rules (#3821)
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
frack113 271460062e Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
Nasreddine Bencherchali b19abdaeda fix: date position 2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali 1f38e15bb4 fix: fp section 2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali 28664d5bb3 feat: new aadinternals related rules 2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali 0aa6f26a6f feat: updates and enhancements 2022-12-23 18:37:59 +01:00
frack113 df015e555c Add more ref 2022-12-23 13:22:50 +01:00
frack113 546e53fb35 Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113 bee5b2f252 Issue 575 page 43 2022-12-23 11:10:17 +01:00
frack113 b200b5dedb Fix title 2022-12-23 10:58:11 +01:00
frack113 9617cdd4ea Issue 575 page 42 2022-12-23 10:50:34 +01:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
gs3cl 122cb47d71 Gs3cl patch 1 (#3753) 2022-12-05 10:39:58 +01:00
fukusuket 9c76aac1fc refactor: remove unnecessary escape. 2022-12-03 21:56:00 +09:00
frack113 064132a5a8 Merge pull request #3744 from fukusuket/refactor-remove-unnecessary-escape
refactor: remove unneeded escapes (in `|re` block)
2022-12-03 09:36:09 +01:00
frack113 0f3eefdc9c Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 18:10:43 +01:00
fukusuket ead6831b25 update modified date. 2022-12-02 21:57:37 +09:00
fukusuket a05742b420 refactor: remove unnecessary escape. 2022-12-02 21:26:45 +09:00
fukusuket 7b1d23621c refactor: remove unnecessary escape. 2022-12-02 20:17:39 +09:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Fukusuke Takahashi 76fece654a fix: explicitly escape { to make it clear that it is a literal (#3737) 2022-11-30 11:43:49 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
frack113 cd4121d966 Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
jstnk9 3572e9d9ea titles modified (#3730) 2022-11-26 08:49:30 +01:00
Nasreddine Bencherchali 89d69de27f fix: rename + update rule 2022-11-21 12:40:54 +01:00
Nasreddine Bencherchali 6603ca9202 fix: update rules to not use regex 2022-11-18 11:16:13 +01:00
Nasreddine Bencherchali 20b0a6bad8 Rule Dev 2022-11-18 11:15:28 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel
rule: KDC RC4-HMAC downgrade CVE-2022-37966
2022-11-09 10:19:04 +01:00
Florian Roth 026af279de fix: duplicate UUID 2022-11-09 09:56:04 +01:00
Florian Roth 50baf18a68 rule: amsi bypass script - psh rule 2022-11-09 09:48:19 +01:00
Nasreddine Bencherchali 5ee9428e59 Fix 2022-11-03 09:39:48 +01:00
Mustafa Kaan Demir 27822a0827 DomainPasswordSpray Attacks Rule 2022-10-29 09:36:40 +02:00
Nasreddine Bencherchali efe0cf5871 Add/Update Exchange/Mailbox Rules 2022-10-26 23:17:54 +02:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
frack113 1e5ae09c4b Order yaml field 2022-10-26 09:43:39 +02:00
Nasreddine Bencherchali 1258eca847 fix: Fix typo in selection 2022-10-25 01:47:53 +02:00
Nasreddine Bencherchali ada1121447 Add Office Token Stealing Rules 2022-10-25 01:14:27 +02:00
Nasreddine Bencherchali 87e8e7fa33 Create posh_ps_susp_service_dacl_modification_set_service.yml 2022-10-24 12:17:41 +02:00
Qasim Qlf 2c4ea3761a Update and rename posh_ps_copy_item_system32.yml to posh_ps_copy_item_system_directory.yml 2022-10-20 14:31:48 +05:00
phantinuss f976ad48c1 Merge pull request #3602 from nasbench/nasbench-rule-devel
Rule Dev
2022-10-20 10:28:56 +02:00
frack113 27ad27c3c0 Merge pull request #3608 from unamuno/patch-mitreid
changed mitre id from process to user discovery
2022-10-19 22:31:37 +02:00