blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	b24e863a1c	feat: add VMwareToolBoxCmd persistence	2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali	1d10fd8d52	feat: update curl & wget rules	2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali	b20e7b449c	feat: rules update	2023-07-26 10:56:18 +02:00
phantinuss	202b79e8f8	Merge pull request #4360 from phantinuss/master fix: FPs in rules	2023-07-25 10:26:45 +02:00
phantinuss	250d6c0dd0	fix: selection to use all strings	2023-07-25 10:17:54 +02:00
phantinuss	9f9f2321de	fix: FP found with missing commandlines	2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali	d79fdf6f51	Merge pull request #4355 from nasbench/new-rules-13-07-23 feat: new rules and updates	2023-07-24 14:58:49 +02:00
Nasreddine Bencherchali	366aefca83	Merge pull request #4357 from frack113/quic	2023-07-24 14:58:27 +02:00
Nasreddine Bencherchali	e1d07780b3	fix: fp	2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali	ad0d3f58ac	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali	57a4dadd15	Merge pull request #4358 from frack113/redcannary_T1547_015	2023-07-24 12:13:34 +02:00
phantinuss	8be60ad99a	fix: typo	2023-07-24 11:59:53 +02:00
Nasreddine Bencherchali	72b658b4c2	Update proc_creation_win_susp_ntfs_short_name_use_image.yml	2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali	a97c96aacc	fix: fp	2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali	1825c6f544	Rename posh_ps_netshare_quic.yml to posh_ps_new_smbmapping_quic.yml	2023-07-24 10:59:49 +02:00
Nasreddine Bencherchali	f26a5256a1	Apply suggestions from code review	2023-07-24 10:59:09 +02:00
Nasreddine Bencherchali	6794bb0e27	Update file_event_win_susp_windows_terminal_profile.yml	2023-07-24 10:37:56 +02:00
Nasreddine Bencherchali	a845b93d6a	Apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-24 10:22:11 +02:00
$frack113$ frack113	c46546a017	Add file_event_win_susp_windows_terminal_profile Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-07-22 10:07:45 +02:00
$frack113$ frack113	8d28609c04	Merge pull request #4354 from frack113/sysmon_event Add Sysmon 28-29 rules	2023-07-21 18:35:44 +02:00
$frack113$ frack113	85ccd302b4	Add smb quic rules Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-07-21 18:35:04 +02:00
dependabot[bot]	e470026c0a	chore(deps-dev): bump aiohttp from 3.8.4 to 3.8.5 (#4356 ) Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.8.4 to 3.8.5. - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/v3.8.5/CHANGES.rst) - [Commits](https://github.com/aio-libs/aiohttp/compare/v3.8.4...v3.8.5) --- updated-dependencies: - dependency-name: aiohttp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-21 11:40:23 +02:00
Nasreddine Bencherchali	1e02a7db4c	Apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-20 15:47:14 +02:00
Nasreddine Bencherchali	db9214e8d2	fix: typos	2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali	e6003c19cd	Apply suggestions from code review	2023-07-20 14:08:49 +02:00
Nasreddine Bencherchali	1ed5629eb2	feat: update filter	2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali	f7acf07882	Merge branch 'SigmaHQ:master' into new-rules-13-07-23	2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali	73f44e61d1	feat: add more rules	2023-07-20 13:47:30 +02:00
$frack113$ frack113	03ec08f933	Add Sysmon 28-29 rules Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-07-20 12:38:11 +02:00
$frack113$ frack113	9acc4e1823	feat: add rules related to pwsh set-acl cmdlet usage (#4352 )	2023-07-20 11:08:44 +02:00
phantinuss	cf29e28a54	Merge pull request #4353 from phantinuss/master chore: update submodule tests/cti	2023-07-19 14:25:51 +02:00
phantinuss	0055269b8e	chore: update submodule tests/cti	2023-07-19 14:10:39 +02:00
Florian Roth	4de6102dc7	Merge pull request #4351 from SigmaHQ/rule-devel Windows Defender Signature Removal: level from 'medium' to 'high'	2023-07-18 14:18:26 +02:00
Florian Roth	764963c2c7	refactor: increased level	2023-07-18 14:09:12 +02:00
Florian Roth	9463000c71	Merge branch 'master' into rule-devel	2023-07-18 13:41:01 +02:00
Florian Roth	88fe9c6245	Merge pull request #4350 from joshnck/patch-4 Fixed typo in comment	2023-07-17 22:06:30 +02:00
Josh	f083be8458	Fixed typo in comment DragonOK and not dargonOK :)	2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali	3cb4bdc86c	Merge pull request #4347 from frack113/update_Readme Update README.md	2023-07-17 14:35:25 +02:00
Nasreddine Bencherchali	7ca5639d1d	Merge pull request #4346 from X-Junior/CVE-2023-36884-rules feat: new rules related to CVE-2023-36884	2023-07-17 14:31:33 +02:00
Nasreddine Bencherchali	4e626ac9ba	Update README.md	2023-07-17 14:25:37 +02:00
phantinuss	b99089e252	fix: typo	2023-07-17 13:57:27 +02:00
Mohamed Ashraf (X__Junior)	dc9a5c9263	Update cti	2023-07-17 14:44:15 +03:00
Nasreddine Bencherchali	60cd15bd29	Merge pull request #4336 from securepeacock/patch-55	2023-07-17 12:23:08 +02:00
Nasreddine Bencherchali	2c3d19f335	Merge pull request #4293 from danielbohannon/patch-1	2023-07-17 12:19:05 +02:00
Nasreddine Bencherchali	a5906be61d	Merge pull request #4344 from frack113/redcannary_T1070_008	2023-07-17 12:15:09 +02:00
Nasreddine Bencherchali	9f13d9bb23	Merge pull request #4339 from frack113/redcannary_t1012	2023-07-17 12:14:57 +02:00
Nasreddine Bencherchali	ee9ced87be	feat: update path	2023-07-17 12:14:37 +02:00
Nasreddine Bencherchali	3921490664	feat: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-17 12:08:34 +02:00
Nasreddine Bencherchali	981ceebab2	feat: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-17 12:04:58 +02:00
Nasreddine Bencherchali	bea4310b52	Update rules-threat-hunting/windows/powershell/powershell_script/posh_ps_mailbox_access.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-07-17 12:03:25 +02:00

1 2 3 4 5 ...

15670 Commits