security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,806 Commits 1 Branch 57 Tags
aa79f4a5ee080388ce5fe578cc87802df8c5abc3
Commit Graph

639 Commits

Author SHA1 Message Date
Nasreddine Bencherchali a0a318edfc Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 15:17:48 +01:00
Nasreddine Bencherchali a46b20b78c Update proc_creation_lnx_cve_2022_33891_spark_shell_command_injection.yml 2022-07-21 14:42:54 +01:00
Nasreddine Bencherchali a8b283ba5f Update 2022-07-20 13:40:24 +01:00
Nasreddine Bencherchali 1392ca1ec5 Fix review 2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali cee1206b18 Update proc_creation_lnx_system_network_discovery.yml 2022-07-11 18:18:38 +01:00
Nasreddine Bencherchali 62574e9b0c Update Ref+Selection 3 2022-07-11 18:12:51 +01:00
Nasreddine Bencherchali 238e0ecd7d Update Ref+Selection 2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali aec95b6d65 Update selections and indentation 2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali d03f6df250 Reference Update [Batch 1] 2022-07-07 15:24:15 +01:00
Nasreddine Bencherchali 6cd83a232d Update file_create_lnx_persistence_sudoers_files.yml 2022-07-05 19:43:58 +01:00
Nasreddine Bencherchali d89b20d06e Switch links to permalinks 2022-07-05 19:43:07 +01:00
Nasreddine Bencherchali 83387d2ca9 Update and Fix 2022-07-05 19:28:28 +01:00
Nasreddine Bencherchali 9024f223e7 Update file_create_lnx_triple_cross_rootkit_persistence.yml 2022-07-05 16:06:49 +01:00
Nasreddine Bencherchali 498cc55a86 Triple Cross Rules 2022-07-05 15:58:22 +01:00
securepeacock ecdd32c462 Update lnx_auditd_hidden_files_directories.yml 
Fixing typo.
 2022-06-29 13:24:24 -04:00
Florian Roth 926d72f7c2 fix: missing upper tick 2022-06-22 07:07:38 +02:00
Florian Roth e04003577f Update proc_creation_lnx_susp_history_recon.yml 2022-06-22 07:05:03 +02:00
Florian Roth fe72dbf62f Update proc_creation_lnx_susp_history_delete.yml 2022-06-22 07:04:30 +02:00
Florian Roth 8096f06c18 fix: condition 2022-06-21 17:55:49 +02:00
Florian Roth ffbe19404e fix: two rules 2022-06-21 17:45:50 +02:00
Florian Roth 3f189e52c1 fix: typo in status 2022-06-21 17:21:44 +02:00
Florian Roth d2e86f9001 rule: Linux cmdline rules 2022-06-21 08:26:23 +02:00
Florian Roth f728893364 refactor: rule level adjustments - critical to high 2022-06-18 17:43:22 +02:00
Nasreddine Bencherchali 143d70a959 Renamed CVE rule 5 2022-06-14 22:06:07 +01:00
Nasreddine Bencherchali 5bf7b49671 Renamed More Rules 2022-06-14 19:28:27 +01:00
Florian Roth 21c363cec9 Merge pull request #3102 from securepeacock/patch-25 
Create proc_creation_lnx_nohup.yml
 2022-06-07 10:47:34 +02:00
Florian Roth cc67d69360 Merge pull request #3100 from hazedav/dd-endswith 
fix(rule): lnx_dd_file_overwrite /bin symlinks
 2022-06-07 10:45:56 +02:00
Florian Roth 9d4822b400 Update proc_creation_lnx_nohup.yml 2022-06-07 10:35:08 +02:00
securepeacock e7b47c9069 Create proc_creation_lnx_nohup.yml 2022-06-06 23:22:50 -04:00
David Hazekamp bc26970596 fix(rule): lnx_dd_file_overwrite /bin symlinks 
This rule is subject to false negatives for *nix distros which
alias /bin to /usr/bin.  By using endswith we can catch dd usage
for either /bin or /usr/bin.
 2022-06-06 09:27:27 -05:00
securepeacock 1641eddaeb Create proc_creation_lnx_susp_chmod_directories.yml 2022-06-03 19:24:02 -04:00
phantinuss c2c1a2dcb7 Merge pull request #3090 from frack113/refractor_condition 
Refactor condition
 2022-06-03 17:02:31 +02:00
frack113 8de0027ca3 refactor condition 2022-06-03 15:35:24 +02:00
phantinuss 8bdd2562fb fix: avoid regex, not actually needed 2022-06-03 14:55:09 +02:00
phantinuss 1cb985487c windows and linux python pty spawning 2022-06-03 12:17:33 +02:00
phantinuss 984b0e553c chore: reduce rule level 2022-06-03 12:17:33 +02:00
Nasreddine Bencherchali 777b123ad0 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 08:38:24 +01:00
Nasreddine Bencherchali b2b070b516 Quick Update 2022-06-03 08:31:53 +01:00
Nasreddine Bencherchali 66e0c405c8 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 08:09:14 +01:00
Nasreddine Bencherchali bb41bb6905 Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:25:59 +01:00
Nasreddine Bencherchali 8f947693ec Update proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:24:09 +01:00
Nasreddine Bencherchali 0a0418615c Create proc_creation_lnx_atlassian_confluence_cve_2022_26134.yml 2022-06-03 01:13:40 +01:00
frack113 b9a0c7e437 Mitre Update 2022-05-26 18:39:42 +02:00
zakibro 7a33aac1ed Update lnx_auditd_keylogging_with_pam_d.yml 
adding missing uuid
 2022-05-24 17:15:54 +02:00
zakibro 89d88288d6 New detection - Linux Keylogging 2022-05-24 17:05:38 +02:00
phantinuss 112b715dd6 chore: test rules: reactivate single value list check 2022-05-10 17:13:04 +02:00
phantinuss b4fdb13e8a chore: test rules: check for unused selections 2022-05-10 11:07:40 +02:00
phantinuss b991a5be52 chore: test rules: warn on errors or invalid FP reasons 
also adapted the existing rules to pass the tests
 2022-05-09 16:07:55 +02:00
frack113 a305a0be45 Merge pull request #2983 from d4rk-d4nph3/master 
Added rule for Nimbuspwn exploitation
 2022-05-05 20:41:30 +02:00
Bhabesh a70e96355c Beautify the rule 2022-05-05 23:48:41 +05:45