15648 Commits

Author SHA1 Message Date
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali db9214e8d2 fix: typos 2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali 1ed5629eb2 feat: update filter 2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali 73f44e61d1 feat: add more rules 2023-07-20 13:47:30 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
phantinuss cf29e28a54 Merge pull request #4353 from phantinuss/master
chore: update submodule tests/cti
2023-07-19 14:25:51 +02:00
phantinuss 0055269b8e chore: update submodule tests/cti 2023-07-19 14:10:39 +02:00
Florian Roth 4de6102dc7 Merge pull request #4351 from SigmaHQ/rule-devel
Windows Defender Signature Removal: level from 'medium' to 'high'
2023-07-18 14:18:26 +02:00
Florian Roth 764963c2c7 refactor: increased level 2023-07-18 14:09:12 +02:00
Florian Roth 9463000c71 Merge branch 'master' into rule-devel 2023-07-18 13:41:01 +02:00
Florian Roth 88fe9c6245 Merge pull request #4350 from joshnck/patch-4
Fixed typo in comment
2023-07-17 22:06:30 +02:00
Josh f083be8458 Fixed typo in comment
DragonOK and not dargonOK :)
2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali 3cb4bdc86c Merge pull request #4347 from frack113/update_Readme
Update README.md
2023-07-17 14:35:25 +02:00
Nasreddine Bencherchali 7ca5639d1d Merge pull request #4346 from X-Junior/CVE-2023-36884-rules
feat: new rules related to CVE-2023-36884
2023-07-17 14:31:33 +02:00
Nasreddine Bencherchali 4e626ac9ba Update README.md 2023-07-17 14:25:37 +02:00
phantinuss b99089e252 fix: typo 2023-07-17 13:57:27 +02:00
Mohamed Ashraf (X__Junior) dc9a5c9263 Update cti 2023-07-17 14:44:15 +03:00
Nasreddine Bencherchali 60cd15bd29 Merge pull request #4336 from securepeacock/patch-55 2023-07-17 12:23:08 +02:00
Nasreddine Bencherchali 2c3d19f335 Merge pull request #4293 from danielbohannon/patch-1 2023-07-17 12:19:05 +02:00
Nasreddine Bencherchali a5906be61d Merge pull request #4344 from frack113/redcannary_T1070_008 2023-07-17 12:15:09 +02:00
Nasreddine Bencherchali 9f13d9bb23 Merge pull request #4339 from frack113/redcannary_t1012 2023-07-17 12:14:57 +02:00
Nasreddine Bencherchali ee9ced87be feat: update path 2023-07-17 12:14:37 +02:00
Nasreddine Bencherchali 3921490664 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-17 12:08:34 +02:00
Nasreddine Bencherchali 981ceebab2 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-17 12:04:58 +02:00
Nasreddine Bencherchali bea4310b52 Update rules-threat-hunting/windows/powershell/powershell_script/posh_ps_mailbox_access.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-17 12:03:25 +02:00
frack113 6761b32a04 Change to regex 2023-07-17 09:54:51 +02:00
phantinuss db6bf8da10 fix: wording 2023-07-17 09:43:29 +02:00
frack113 9ac75808b8 Update README.md
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-14 11:17:37 +02:00
Nasreddine Bencherchali 6d419e6c31 chore: update metadata 2023-07-14 10:44:30 +02:00
Nasreddine Bencherchali d3cf1892fc chore: update metadata 2023-07-14 10:19:28 +02:00
frack113 99914ba9f8 Move to Hunting
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-14 09:00:33 +02:00
frack113 12e5d5ead9 Move to hunting
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-14 08:15:02 +02:00
Nasreddine Bencherchali ee761faffa chore: add reference 2023-07-13 23:46:55 +02:00
Nasreddine Bencherchali a953fe19d3 feat: add share access rule 2023-07-13 23:44:54 +02:00
Nasreddine Bencherchali 8726f310e7 chore: update metadata 2023-07-13 23:30:16 +02:00
frack113 9e9ae9a976 Merge branch 'SigmaHQ:master' into redcannary_T1070_008 2023-07-13 21:05:20 +02:00
Mohamed Ashraf (X__Junior) c10a6c9870 Create net_connection_win_office.yml 2023-07-13 19:23:38 +03:00
Nasreddine Bencherchali 08e0a297f3 feat: new rules and updates 2023-07-13 17:31:13 +02:00
Mohamed Ashraf (X__Junior) 81440fe0ea CVE-2023-36884 rules 2023-07-13 18:27:12 +03:00
Nasreddine Bencherchali dcfb4c5c28 Merge pull request #4337 from phantinuss/master
fix: FP found in-the-wild
2023-07-13 11:23:25 +02:00
Nasreddine Bencherchali 6e6726749c Merge pull request #4295 from danielbohannon/patch-3 2023-07-13 11:08:35 +02:00
Nasreddine Bencherchali 795179d9dc Merge branch 'master' into master 2023-07-13 11:07:45 +02:00
Nasreddine Bencherchali a1672f8dbb fix: remove ping filter 2023-07-13 11:05:00 +02:00
Nasreddine Bencherchali 6f261ae9c0 chore: move to TH folder 2023-07-13 10:56:27 +02:00
frack113 62256b104d fix: FP found with remote thread rule (#4342) 2023-07-13 10:04:03 +02:00
Nasreddine Bencherchali ccec820a01 feat: new rules & updates (#4328) 2023-07-13 10:01:05 +02:00
frack113 3d2b11ac5f Merge pull request #4345 from frack113/redcannary_t1087_002
Update posh_ps_get_adcomputer
2023-07-12 20:52:43 +02:00