Commit Graph

9235 Commits

Author SHA1 Message Date
Nasreddine Bencherchali aa8c18c0a5 Merge pull request #4066 from nasbench/nasbench-rule-devel
feat: multiple updates and fixes
2023-02-22 17:20:58 +01:00
frack113 ae45af68ab Update proc_creation_win_hktl_jlaive_batch_execution.yml 2023-02-22 17:13:48 +01:00
frack113 f2c3954e74 Update proc_creation_win_hktl_crackmapexec_execution_patterns.yml 2023-02-22 17:13:02 +01:00
Nasreddine Bencherchali 69c28fedbc fix: typo
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 12:16:49 +01:00
Nasreddine Bencherchali 02d6d571cb fix: apply suggestions from 2nd code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-22 12:15:49 +01:00
Nasreddine Bencherchali fc3c6ef4c7 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-22 11:05:50 +01:00
phantinuss 3fc4a344f2 Merge pull request #4062 from qasimqlf/patch-34
fix: One value of imagePath was wrong
2023-02-22 09:03:39 +01:00
frack113 1a14cd58db Update proc_creation_win_msiexec_dll.yml 2023-02-22 06:34:02 +01:00
frack113 bc5ec4fc88 Update proc_creation_win_auditpol_susp_execution.yml 2023-02-22 06:26:30 +01:00
Nasreddine Bencherchali 5f1231b5f2 fix: unused selection 2023-02-21 22:25:34 +01:00
Nasreddine Bencherchali dbf4e05309 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-21 22:16:07 +01:00
Nasreddine Bencherchali 63888f7a53 feat: multiple fixes and updates 2023-02-21 22:15:30 +01:00
phantinuss ecc41ad20b fix: FP with chocolatey 2023-02-21 16:38:05 +01:00
Nasreddine Bencherchali 41e844e0cc fix: add missing modified 2023-02-20 17:08:48 +01:00
Qasim Qlf 908b25bccb fix: One value of imagePath was wrong
It was "clip", which is already covered by "clipboard]::".

Real value is "&&".

Reference: 
Sigma Rule Id: 4edf51e1-cb83-4e1a-bc39-800e396068e3
Link: https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/security/win_security_invoke_obfuscation_clip_services_security.yml
2023-02-20 20:49:52 +05:00
Wagga 7387648bb1 Update proc_creation_win_mstsc_remote_connection.yml 2023-02-20 14:13:26 +01:00
Wagga e7492c0f75 Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:51 +01:00
Wagga fae6d7066a Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:32 +01:00
Wagga 71b849146c Update proc_creation_win_certutil_export_pfx.yml 2023-02-20 14:11:48 +01:00
Wagga ffc9044b07 Update registry_add_persistence_amsi_providers.yml 2023-02-20 14:11:11 +01:00
Wagga 2d283ff885 Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:10:03 +01:00
Nasreddine Bencherchali b1866adb07 Merge pull request #4049 from nasbench/nasbench-rule-devel
feat: new rules, updates and fixes
2023-02-20 13:44:04 +01:00
Qasim Qlf 2ec65de9a2 fix: taskName property 2023-02-20 16:08:53 +05:00
m4nbat ae469ddefe New rules added for LockBit and Reddit used for C2. (#4045) 2023-02-20 12:07:02 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 1d4a6dee3d fix: more fp 2023-02-17 23:23:31 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Yamato Security 9c673bbb15 added other potential IEX strings 2023-02-18 05:51:40 +09:00
Nasreddine Bencherchali ee7d1d9890 feat: add reference 2023-02-17 19:58:26 +01:00
Nasreddine Bencherchali 787ea00ff7 feat: new rule for events.asp technique 2023-02-17 19:41:14 +01:00
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali 164b3a36b6 Merge pull request #4043 from nasbench/certutil-other-updates
feat: certutil rules updates + other fixes
2023-02-16 11:45:08 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates
feat: wmic rules update + other fixes
2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 416c10e0d3 fix: yaml error in description 2023-02-16 11:15:06 +01:00
Nasreddine Bencherchali 4142819114 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:06:57 +01:00
Nasreddine Bencherchali 362f4e4e60 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:05:38 +01:00
Nasreddine Bencherchali e2068c5cd0 Merge pull request #4001 from mbabinski/master
feat: new rule related to Right-to-left override character in the CLI
2023-02-16 10:54:13 +01:00
Nasreddine Bencherchali 088ff06cc3 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 10:46:29 +01:00
Nasreddine Bencherchali e2acd4a276 fix: add missing space 2023-02-16 01:40:01 +01:00
Nasreddine Bencherchali 927affe24a fix: update metadata 2023-02-16 01:39:16 +01:00
Micah Babinski 0634364e5c Updated rule with YAML unicode escaping 2023-02-15 14:54:37 -08:00
Nasreddine Bencherchali f951fc7536 fix: remove unrelated bitsadmin selection 2023-02-15 21:18:38 +01:00
Nasreddine Bencherchali d56da92948 fix: broken selection 2023-02-15 19:58:48 +01:00
Nasreddine Bencherchali 7ec76db26c Merge branch 'master' into wmic-rules-updates 2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali 58e5201317 feat: update bitsadmin rules and other 2023-02-15 19:55:40 +01:00
Nasreddine Bencherchali c168a7ad00 feat: update certutil rules 2023-02-15 19:55:39 +01:00
frack113 e52edb69c4 Merge pull request #4039 from fornotes/master
Added New Rule for LPE via StorSvc DLL Hijack
2023-02-15 19:18:39 +01:00
Nasreddine Bencherchali 39e957d7ee fix: update title 2023-02-15 19:11:39 +01:00