Commit Graph

14909 Commits

Author SHA1 Message Date
Nasreddine Bencherchali aa8c18c0a5 Merge pull request #4066 from nasbench/nasbench-rule-devel
feat: multiple updates and fixes
2023-02-22 17:20:58 +01:00
frack113 ae45af68ab Update proc_creation_win_hktl_jlaive_batch_execution.yml 2023-02-22 17:13:48 +01:00
frack113 f2c3954e74 Update proc_creation_win_hktl_crackmapexec_execution_patterns.yml 2023-02-22 17:13:02 +01:00
Nasreddine Bencherchali bf82309e2d Merge pull request #4068 from nasbench/pr-issue-templates
Update bug_report.md
2023-02-22 14:38:10 +01:00
Nasreddine Bencherchali 319bc91867 Update bug_report.md 2023-02-22 14:21:46 +01:00
Nasreddine Bencherchali 7e9408bd3a Merge pull request #4067 from nasbench/pr-issue-templates
feat: add issues templates and update pr template
2023-02-22 13:43:33 +01:00
Nasreddine Bencherchali 69c28fedbc fix: typo
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 12:16:49 +01:00
Nasreddine Bencherchali 02d6d571cb fix: apply suggestions from 2nd code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 12:15:49 +01:00
Nasreddine Bencherchali 7f6b405c6b fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 11:39:06 +01:00
Nasreddine Bencherchali 2cd41ec2ad Update PULL_REQUEST_TEMPLATE.md 2023-02-22 11:17:14 +01:00
Nasreddine Bencherchali fc3c6ef4c7 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-22 11:05:50 +01:00
Nasreddine Bencherchali 1363d0bea2 Update .github/PULL_REQUEST_TEMPLATE.md
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 11:00:52 +01:00
phantinuss db4fb9ff8e Merge pull request #4056 from D4rkCiph3r/installer-child
Create proc_creation_macos_susp_installer_child_process.yml
2023-02-22 09:04:58 +01:00
phantinuss 3fc4a344f2 Merge pull request #4062 from qasimqlf/patch-34
fix: One value of imagePath was wrong
2023-02-22 09:03:39 +01:00
frack113 1a14cd58db Update proc_creation_win_msiexec_dll.yml 2023-02-22 06:34:02 +01:00
frack113 bc5ec4fc88 Update proc_creation_win_auditpol_susp_execution.yml 2023-02-22 06:26:30 +01:00
Nasreddine Bencherchali a3f289a0ae Update false_positive_report.yml 2023-02-21 23:34:56 +01:00
Nasreddine Bencherchali 0e26a2509a Update false_positive_report.yml 2023-02-21 23:34:13 +01:00
Nasreddine Bencherchali 275748b671 fix: add missing space + rename file 2023-02-21 23:29:47 +01:00
Nasreddine Bencherchali 9921a724f7 Update PULL_REQUEST_TEMPLATE.md 2023-02-21 23:23:35 +01:00
Nasreddine Bencherchali ca5107890b Update bug_report.md 2023-02-21 23:23:17 +01:00
Nasreddine Bencherchali 8220d9b5b2 fix: add slash to image field
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-21 23:17:09 +01:00
Nasreddine Bencherchali 5c70495257 feat: add issues templates and update pr template 2023-02-21 23:10:18 +01:00
Nasreddine Bencherchali 5f1231b5f2 fix: unused selection 2023-02-21 22:25:34 +01:00
Nasreddine Bencherchali dbf4e05309 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-21 22:16:07 +01:00
Nasreddine Bencherchali 63888f7a53 feat: multiple fixes and updates 2023-02-21 22:15:30 +01:00
Thomas Patzke b4f8a7a118 Merge pull request #4064 from fukusuket/fix-sigmac-conversion-error-with-base64offset-contains-rule
fix: sigmac conversion error with `base64offset|contains` rule
2023-02-21 21:33:22 +01:00
Nasreddine Bencherchali b246439c75 Merge pull request #4065 from phantinuss/master
FP fix + cti submodule update
2023-02-21 16:52:33 +01:00
phantinuss 2530cd72de chore: update submodule cti 2023-02-21 16:38:33 +01:00
phantinuss ecc41ad20b fix: FP with chocolatey 2023-02-21 16:38:05 +01:00
fukusuket f710664dc0 fix: sigmac conversion error with base64offset|contains rule 2023-02-21 21:53:05 +09:00
Florian Roth 3085a4025a Update PULL_REQUEST_TEMPLATE.md 2023-02-20 19:37:30 +01:00
Florian Roth 0a734bde8c Merge pull request #4061 from wagga40/master
Typo correction
2023-02-20 17:29:48 +01:00
Nasreddine Bencherchali 41e844e0cc fix: add missing modified 2023-02-20 17:08:48 +01:00
Qasim Qlf 908b25bccb fix: One value of imagePath was wrong
It was "clip", which is already covered by "clipboard]::".

Real value is "&&".

Reference:
Sigma Rule Id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
Link: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
2023-02-20 20:49:52 +05:00
D4rkCiph3r 848a64fa69 Create proc_creation_macos_persistence_via_plistbuddy.yml (#4057) 2023-02-20 14:15:31 +01:00
D4rkCiph3r d0af939108 Create proc_creation_macos_enable_guest_account.yml (#4054) 2023-02-20 14:13:52 +01:00
Wagga 7387648bb1 Update proc_creation_win_mstsc_remote_connection.yml 2023-02-20 14:13:26 +01:00
D4rkCiph3r f9a73c7a79 Update proc_creation_macos_create_account.yml (#4052) 2023-02-20 14:13:06 +01:00
Wagga e7492c0f75 Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:51 +01:00
Wagga fae6d7066a Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:32 +01:00
Wagga 71b849146c Update proc_creation_win_certutil_export_pfx.yml 2023-02-20 14:11:48 +01:00
Wagga ffc9044b07 Update registry_add_persistence_amsi_providers.yml 2023-02-20 14:11:11 +01:00
Wagga 2d283ff885 Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:10:03 +01:00
Wagga cbc9a10eba Update java_xxe_exploitation_attempt.yml 2023-02-20 14:08:28 +01:00
D4rkCiph3r 97e2717343 Update proc_creation_macos_susp_installer_child_process.yml
Updated the selection syntax
2023-02-20 18:19:43 +05:30
Nasreddine Bencherchali b1866adb07 Merge pull request #4049 from nasbench/nasbench-rule-devel
feat: new rules, updates and fixes
2023-02-20 13:44:04 +01:00
Nasreddine Bencherchali ef68f4b116 Merge pull request #4050 from nasbench/pr-issue-templates
feat: add PULL_REQUEST_TEMPLATE.md
2023-02-20 13:18:49 +01:00
Nasreddine Bencherchali d86e5122cf Merge pull request #4060 from qasimqlf/patch-33
fix: typo in taskName property
2023-02-20 12:16:26 +01:00
Qasim Qlf 2ec65de9a2 fix: taskName property 2023-02-20 16:08:53 +05:00