security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,806 Commits 1 Branch 57 Tags
aa79f4a5ee080388ce5fe578cc87802df8c5abc3
Commit Graph

11806 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nasreddine Bencherchali aa79f4a5ee Update web_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 15:34:11 +01:00
Nasreddine Bencherchali a0a318edfc Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 15:17:48 +01:00
Nasreddine Bencherchali a46b20b78c Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 14:42:54 +01:00
Nasreddine Bencherchali a8b283ba5f Update 2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali 06c9ba2730 Renamed File 2022-07-19 18:38:10 +01:00
Nasreddine Bencherchali 32b028fb16 Create web_cve_2022_33891_spark_rce.yml 2022-07-19 17:15:14 +01:00
Florian Roth fd30a06112 Merge pull request #3240 from nasbench/uac-bypass-image-load 
Iscsicpl UAC Bypass + Generic Rule
 2022-07-19 16:38:34 +02:00
Florian Roth 96f7750cb8 Merge pull request #3242 from nasbench/wpbbin-persistence 
UEFI Persistence - wpbbin
 2022-07-18 15:47:34 +02:00
Florian Roth 9c4fe12eda Merge pull request #3241 from SigmaHQ/rule-devel 
New rules: Ngrok, Obfusc PowerShell
 2022-07-18 15:46:31 +02:00
Florian Roth 44b424e3cf refactor: WSMAN Provider Image Loads & empty cmdline 2022-07-18 13:55:14 +02:00
Nasreddine Bencherchali 492f754f29 UEFI Persistence - wpbbin 2022-07-18 12:45:44 +01:00
Florian Roth b692bbb9bb fix: typo - missing dot 2022-07-18 13:28:52 +02:00
Florian Roth d8792692d7 fix: typo 2022-07-18 13:27:38 +02:00
Florian Roth fe6d57cf8d Merge branch 'master' into rule-devel 2022-07-18 13:16:52 +02:00
Florian Roth a62fb4d501 Merge branch 'master' into rule-devel 2022-07-18 13:16:26 +02:00
Florian Roth 4e1f453d06 Merge pull request #3236 from frack113/ransomware 
Add file_rename_win_ransomware
 2022-07-18 13:16:16 +02:00
Florian Roth a8dfe50048 fix: tag list 2022-07-18 13:03:56 +02:00
Florian Roth 56944de525 Update file_rename_win_ransomware.yml 2022-07-18 12:55:58 +02:00
Nasreddine Bencherchali d32816f7a2 Iscsicpl UAC Bypass + Generic Rule 2022-07-18 11:50:55 +01:00
Florian Roth dbdb721dde Update file_rename_win_ransomware.yml 2022-07-18 12:44:51 +02:00
Florian Roth 3291db17da Update file_rename_win_ransomware.yml 2022-07-18 12:43:54 +02:00
Florian Roth 5bfd9b78f1 Update file_rename_win_ransomware.yml 2022-07-18 12:23:23 +02:00
Florian Roth b2eb760ba6 Merge pull request #3235 from frack113/update_16bit 
Add csrstub.exe
 2022-07-18 12:20:19 +02:00
frack113 f161f6d051 Fix modified 2022-07-16 20:56:13 +02:00
frack113 5364af737b Update file_rename_win_ransomware.yml 2022-07-16 20:53:11 +02:00
frack113 04594d5556 Add file_rename_win_ransomware 2022-07-16 20:43:24 +02:00
frack113 79f6b200cc Add csrstub.exe 2022-07-16 19:54:16 +02:00
Florian Roth b24e7ae984 Merge pull request #3233 from frack113/16bit 
Add proc_creation_win_susp_16bit_application
 2022-07-16 17:58:43 +02:00
frack113 00886a2b33 Add proc_creation_win_susp_16bit_application 2022-07-16 17:36:53 +02:00
Florian Roth 864da0680d rule: communication to ngrok.io 2022-07-16 08:15:32 +02:00
Florian Roth 749a7b4df5 Merge branch 'master' into rule-devel 2022-07-16 08:15:20 +02:00
Florian Roth f1082ba790 Merge pull request #3232 from pH-T/master 
blackbyte rules
 2022-07-15 17:31:00 +02:00
Florian Roth c232aaa7d8 Update dns_query_win_anonymfiles_com.yml 2022-07-15 16:20:10 +02:00
Paul Hager e35587e922 fix: fixed rule condition 2022-07-15 12:28:11 +02:00
Paul Hager 1529d0377e blackbyte rules 2022-07-15 12:09:55 +02:00
frack113 73d87029ab Merge pull request #3227 from frack113/related 
Add related for remove rules
 2022-07-15 09:10:53 +02:00
frack113 e3d3979786 Add related for remove rules 2022-07-15 08:36:51 +02:00
Thomas Patzke 30d4c8f102 Merge pull request #3222 from akshay-chaturvedi/dnif-backend 
New backend for DNIF Hyperscale SIEM
 2022-07-15 08:04:22 +02:00
Florian Roth 6217eb2a26 Merge pull request #3224 from frack113/rpc_135 
RPC epmap tools
 2022-07-14 21:58:13 +02:00
Florian Roth b52b279f30 Merge pull request #3225 from nasbench/master 
New Rules + Update
 2022-07-14 21:58:01 +02:00
Florian Roth f0e7a0aa2a Merge pull request #3226 from redsand/fp_aws_workspaces 
False positive when amazon workspaces is running and doing its weird …
 2022-07-14 21:55:51 +02:00
Tim Shelton 6187cfdfd6 False positive when amazon workspaces is running and doing its weird little things 2022-07-14 19:41:52 +00:00
Nasreddine Bencherchali e4f964879e Fix after review 2022-07-14 19:34:59 +01:00
Nasreddine Bencherchali 92b0239f27 Update proc_creation_win_powershell_susp_parameter_variation.yml 2022-07-14 17:43:04 +01:00
Nasreddine Bencherchali 16b2945027 New Rules + Update 2022-07-14 17:35:50 +01:00
frack113 97cd835d34 Update description 2022-07-14 17:30:06 +02:00
frack113 09841c9caf Add net_connection_win_susps_epmap 2022-07-14 17:25:56 +02:00
Florian Roth 8ace9631d0 Merge pull request #3220 from frack113/Eventdata_Data 
Remove some keywords
 2022-07-14 08:31:43 +02:00
akshay-chaturvedi 4625d8fb6c Merge branch 'SigmaHQ:master' into dnif-backend 2022-07-13 17:30:17 +05:30
frack113 33b370d49b Merge pull request #3221 from bornatalebi/patch-1 
Add FP from reference link
 2022-07-13 06:52:45 +02:00