security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8,488 Commits 1 Branch 57 Tags
aff6bbba7b8e5e0fc45069dfdba6e65fd11545c5
Commit Graph

8488 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
frack113 aff6bbba7b Merge pull request #2191 from securepeacock/patch-3 
Create sysmon_powershell_startup_shortcuts.yml
 2021-10-25 07:36:20 +02:00
frack113 e1d8c547b6 Merge pull request #2188 from austinsonger/powershell_azurehound_commands.yml 
powershell_azurehound_commands.yml
 2021-10-25 07:35:44 +02:00
securepeacock 8b45c6687c Update sysmon_powershell_startup_shortcuts.yml 2021-10-24 16:07:40 -04:00
securepeacock 265faf6337 Update sysmon_powershell_startup_shortcuts.yml 2021-10-24 14:15:04 -04:00
securepeacock 03301a0652 Rename sysmon_powershell_startup_shortcuts to sysmon_powershell_startup_shortcuts.yml 2021-10-24 13:56:01 -04:00
securepeacock 75f4f439da Create sysmon_powershell_startup_shortcuts 2021-10-24 13:32:22 -04:00
frack113 406f10b583 Merge pull request #2186 from austinsonger/certoc.exe 
process_creation_certoc_execution.yml
 2021-10-24 18:45:02 +02:00
Florian Roth e99e6182ae Merge pull request #2190 from SigmaHQ/rule-devel 
rule: monero mining pools dns lookup
 2021-10-24 18:22:19 +02:00
Austin Songer 85d7cb6f3e Update process_creation_certoc_execution.yml 2021-10-24 11:06:51 -05:00
Florian Roth d051e1418b docs: changed title 2021-10-24 15:47:14 +02:00
Florian Roth 7eeecf9c6a fix: missing upper tick in every line 2021-10-24 15:46:31 +02:00
Florian Roth 86e9f782cb rule: monero mining pools dns lookup 2021-10-24 15:44:44 +02:00
frack113 2d2ba0b922 Merge pull request #2184 from davedhoff/master 
Import Iterable from collections.abc
 2021-10-24 10:54:11 +02:00
frack113 2c955ea0ca Merge pull request #2185 from austinsonger/process_creation_stordiag_execution.yml 
process_creation_stordiag_execution.yml
 2021-10-24 09:44:34 +02:00
frack113 587c413a12 fix typo error 2021-10-24 09:08:20 +02:00
frack113 4dc82c95b6 Update process_creation_stordiag_execution.yml 2021-10-24 08:52:23 +02:00
Austin Songer 923391224a Create powershell_azurehound_commands.yml 2021-10-23 18:27:36 -05:00
Austin Songer 684d266100 Merge branch 'SigmaHQ:master' into master 2021-10-23 17:25:05 -05:00
Florian Roth f3e530bfba Update LICENSE 2021-10-23 23:09:54 +02:00
Florian Roth 916172de53 Update README.md 2021-10-23 23:09:35 +02:00
Florian Roth a712a0d14e Create LICENSE 2021-10-23 23:08:51 +02:00
Austin Songer a78d6cce5f Create process_creation_certoc_execution.yml 2021-10-23 14:10:40 -05:00
Austin Songer 9d1caf6eb8 Merge branch 'SigmaHQ:master' into certoc.exe 2021-10-23 14:10:11 -05:00
Austin Songer b946106103 Delete process_creation_certoc_execution.yml 2021-10-23 14:09:58 -05:00
Austin Songer 4803d61f7f Create process_creation_certoc_execution.yml 2021-10-23 14:09:28 -05:00
Austin Songer 448c86587f Update process_creation_stordiag_execution.yml 2021-10-23 13:29:16 -05:00
frack113 b267504708 Merge pull request #2179 from frack113/fix_sysmon_in_memory_assembly_execution 
Fix sysmon in memory assembly execution
 2021-10-23 10:11:08 +02:00
frack113 5bc38f6a7f Merge pull request #2178 from frack113/fix_sysmon_invoke_phantom 
fix cast for sysmon_invoke_phantom
 2021-10-23 10:10:55 +02:00
Austin Songer a5fae664b9 Create process_creation_stordiag_execution.yml 2021-10-22 19:48:10 -05:00
davedhoff e772dbf0a9 Import Iterable from collections.abc 2021-10-22 13:56:47 -05:00
frack113 b4d5b44ea8 Merge pull request #2180 from 0xThiebaut/workfolders 
Add LOLBin rule win_susp_workfolders
 2021-10-21 19:11:08 +02:00
frack113 8595478b36 Merge pull request #2149 from OTRF/feature/Sysmon-For-Linux-Rules 
OTR - Migrating rules to Sysmon for Linux schema :)
 2021-10-21 19:10:32 +02:00
frack113 963f32063f Merge pull request #2148 from SigmaHQ/rule-devel 
First Linux Process Creation and Network Connection rules (Sysmon for Linux)
 2021-10-21 19:10:08 +02:00
frack113 217ac5c9a3 Merge pull request #2170 from frack113/redcanary_T1564_003 
add rule powershell_suspicious_windowstyle
 2021-10-21 18:07:48 +02:00
frack113 39fac24ee6 Merge pull request #2169 from frack113/ExecutionPolicy_Unrestricted 
Add rule powershell_set_policies_to_unsecure_level
 2021-10-21 18:07:26 +02:00
frack113 ab58db3545 Merge pull request #2177 from V1D1AN/V1D1AN-ecs-auditbeat 
Modify event.provider to event.module
 2021-10-21 15:52:29 +02:00
Maxime THIEBAUT 9c25c89dbb Add LOLBin rule win_susp_workfolders 2021-10-21 11:43:27 +02:00
frack113 1775db7fe8 fix cast 2021-10-21 09:58:32 +02:00
frack113 4394aa685d fix cast 2021-10-21 09:47:06 +02:00
frack113 6c7d5124f5 fix detection 2021-10-21 09:28:33 +02:00
Florian Roth 1c51b3d0a9 Merge pull request #2174 from frack113/fix_sysmon_cred_dump_lsass_access 
fix sysmon_cred_dump_lsass_access
 2021-10-21 08:41:19 +02:00
V1D1AN a47645a084 Modify event.provider to event.module 2021-10-21 08:34:41 +02:00
frack113 a074b11264 Merge pull request #2166 from securepeacock/patch-2 
Create registry_event_mal_netwire.yml
 2021-10-21 06:39:13 +02:00
frack113 1da5199a49 Merge pull request #2165 from phantinuss/master 
feat: mstsc history cleared
 2021-10-21 06:38:44 +02:00
frack113 216b2d65d9 fix SourceImage 2021-10-20 19:45:38 +02:00
frack113 20e760733a Merge pull request #2171 from StefanGrimminck/add-mitre-mapping 
add MITRE technique mapping
 2021-10-20 17:08:53 +02:00
frack113 f45450a7dc Merge pull request #2173 from al3t/patch-1 
Update winlogbeat-modules-enabled.yml
 2021-10-20 17:08:24 +02:00
al3t 7500346ce7 Update winlogbeat-modules-enabled.yml 
updating field mapping
 2021-10-20 17:06:55 +03:00
Stefan Grimminck 47502e6701 add MITRE technique mapping 2021-10-20 14:29:57 +02:00
frack113 a9bc26f37c add powershell_suspicious_windowstyle 2021-10-20 13:57:24 +02:00