security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,605 Commits 1 Branch 57 Tags
aaafef29b4aa53e8ebb5cd488dbf873865402dcc
Commit Graph

132 Commits

Author SHA1 Message Date
frack113 aaafef29b4 Redcannary 2022-04-04 10:57:23 +02:00
Florian Roth 3f1b8ff727 Update posh_ps_susp_get_addefaultdomainpasswordpolicy.yml 2022-03-21 12:09:33 +01:00
Florian Roth 7ebdfda1b8 Update posh_ps_susp_get_addefaultdomainpasswordpolicy.yml 2022-03-21 11:54:45 +01:00
frack113 ab471b11ae Redcannary 2022-03-20 08:36:07 +01:00
frack113 45cfdab828 Revert "Redcannary" 2022-03-20 08:11:11 +01:00
frack113 1060009949 Redcannary 2022-03-18 11:15:05 +01:00
frack113 41fce11b76 Merge pull request #2820 from frack113/day_off 
Windows Redcannary
 2022-03-18 08:18:18 +01:00
Florian Roth 1118189032 Update posh_ps_susp_get_adgroup.yml 2022-03-17 20:23:14 +01:00
Florian Roth 8c69b3977f Update posh_ps_susp_directory_enum.yml 2022-03-17 20:22:51 +01:00
Florian Roth a5cfb87ee1 Update posh_ps_as_rep_roasting.yml 2022-03-17 20:22:11 +01:00
Florian Roth c855a38f98 Merge pull request #2819 from frack113/fp_test 
posh_ps_remove_item_path fix registry FP
 2022-03-17 18:44:53 +01:00
frack113 829409d29a Redcannary 2022-03-17 16:48:41 +01:00
frack113 6da13f19a6 fix registry FP 2022-03-17 14:26:12 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 6ae28b7a1c fix: legitimate --> Legitimate 2022-03-16 14:35:19 +01:00
phantinuss 84d0c472ba fix: remove penetration test as valid false positive reason 2022-03-16 14:33:18 +01:00
phantinuss 4585133325 fix: remove penetration testing as a valid false positive 2022-03-16 13:51:26 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
frack113 c6d37d4a78 fix yaml 2022-03-08 19:14:46 +01:00
frack113 5938569d3e Refactor regex 2022-03-08 19:07:37 +01:00
frack113 f9c0e21323 Refactor regex 2022-03-07 19:08:30 +01:00
Florian Roth ec62ec6bbb fix: values missed escaping 2022-03-05 10:39:15 +01:00
Florian Roth e57b952455 Merge branch 'master' into rule-devel 2022-03-04 16:34:52 +01:00
Florian Roth 8012efa9b5 refactor: some adjustments 2022-03-04 16:34:15 +01:00
Florian Roth eb06a6fdd1 Merge pull request #2764 from SigmaHQ/rule-devel 
refactor: PowerShell Defender modifications
 2022-03-03 23:29:08 +01:00
Florian Roth b3b5b2cbdd refactor: PowerShell Defender modifications 2022-03-03 13:53:06 +01:00
nNipsx b43e37518e update Author contribute 2022-03-03 14:34:13 +07:00
frack113 19ba2fe16c Update posh_ps_detect_vm_env.yml 2022-03-03 08:12:01 +01:00
nNipsx f57bb708bb Update another command line of Get-WmiObject (gwmi) 2022-03-03 11:04:26 +07:00
phantinuss 8212b1a2ad fix: FP 2022-02-23 17:18:53 +01:00
phantinuss 329b5aa0eb fix: reduce level, many legitimate usages expected 2022-02-23 14:13:12 +01:00
Florian Roth 35d4c8bc69 fix: FPs noticed in THOR testing 2022-02-21 10:15:27 +01:00
phantinuss 12fffc5fd5 fix: more chocolatey FPs 2022-02-16 16:31:11 +01:00
frack113 7e3c088165 Windows Redcannary 2022-02-12 15:53:13 +01:00
phantinuss 646ce36809 fix: use doublequotes instead of ' because of ' in string 2022-02-11 16:52:45 +01:00
phantinuss 809f7abbb8 fix: several FPs against a fresh installed Windows with example applications and basic user interaction 3 2022-02-11 16:38:52 +01:00
Florian Roth 97dacc4ffc refactor: increased level to medium 2022-02-06 14:17:38 +01:00
frack113 62611e0e39 add posh_ps_get_adreplaccount 2022-02-06 11:15:00 +01:00
frack113 2887cf2800 Merge pull request #2623 from frack113/red_t1555_003 
Redcannary windows
 2022-02-03 22:23:19 +01:00
frack113 d1268d040c Change status and related 2022-02-03 06:53:50 +01:00
frack113 8eeadb9beb Add other browser 2022-02-03 06:38:43 +01:00
Florian Roth d2e741cf9a Merge pull request #2628 from frack113/redcannay_t1553_005 
Windows Redcannary T1553.005
 2022-02-02 18:38:55 +01:00
phantinuss 65c3a72715 fix: used in legitimate microsoft scripts 2022-02-02 11:00:43 +01:00
frack113 3c0f4b79c9 Windows Redcannary T1553.005 2022-02-01 18:41:53 +01:00
frack113 0bcb842c70 Redcannary windows 2022-01-30 18:47:49 +01:00
frack113 1aa7697ca8 Update posh_ps_clear_powershell_history.yml 2022-01-27 16:16:57 +01:00
Florian Roth d52602dd5e Update posh_ps_clear_powershell_history.yml 2022-01-26 18:09:09 +01:00
Florian Roth feedcee6bf Update posh_ps_clear_powershell_history.yml 2022-01-26 17:57:26 +01:00
frack113 818b20b949 add posh_ps_clear_powershell_history 2022-01-25 19:58:18 +01:00
frack113 8a47c56397 Merge pull request #2595 from frack113/red_20220123b 
Windows Redcannary
 2022-01-25 06:21:17 +01:00