Commit Graph

12178 Commits

Author SHA1 Message Date
Nasreddine Bencherchali b24e863a1c feat: add VMwareToolBoxCmd persistence 2023-07-27 14:44:37 +02:00
Nasreddine Bencherchali 1d10fd8d52 feat: update curl & wget rules 2023-07-27 13:58:57 +02:00
Nasreddine Bencherchali b20e7b449c feat: rules update 2023-07-26 10:56:18 +02:00
phantinuss 250d6c0dd0 fix: selection to use all strings 2023-07-25 10:17:54 +02:00
phantinuss 9f9f2321de fix: FP found with missing commandlines 2023-07-25 10:17:54 +02:00
Nasreddine Bencherchali d79fdf6f51 Merge pull request #4355 from nasbench/new-rules-13-07-23
feat: new rules and updates
2023-07-24 14:58:49 +02:00
Nasreddine Bencherchali e1d07780b3 fix: fp 2023-07-24 14:08:45 +02:00
Nasreddine Bencherchali ad0d3f58ac fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-24 12:35:11 +02:00
Nasreddine Bencherchali 57a4dadd15 Merge pull request #4358 from frack113/redcannary_T1547_015 2023-07-24 12:13:34 +02:00
Nasreddine Bencherchali 72b658b4c2 Update proc_creation_win_susp_ntfs_short_name_use_image.yml 2023-07-24 11:44:59 +02:00
Nasreddine Bencherchali a97c96aacc fix: fp 2023-07-24 11:01:02 +02:00
Nasreddine Bencherchali 6794bb0e27 Update file_event_win_susp_windows_terminal_profile.yml 2023-07-24 10:37:56 +02:00
frack113 c46546a017 Add file_event_win_susp_windows_terminal_profile
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-22 10:07:45 +02:00
Nasreddine Bencherchali 1e02a7db4c Apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-07-20 15:47:14 +02:00
Nasreddine Bencherchali db9214e8d2 fix: typos 2023-07-20 14:13:13 +02:00
Nasreddine Bencherchali e6003c19cd Apply suggestions from code review 2023-07-20 14:08:49 +02:00
Nasreddine Bencherchali 1ed5629eb2 feat: update filter 2023-07-20 14:01:35 +02:00
Nasreddine Bencherchali f7acf07882 Merge branch 'SigmaHQ:master' into new-rules-13-07-23 2023-07-20 13:51:48 +02:00
Nasreddine Bencherchali 73f44e61d1 feat: add more rules 2023-07-20 13:47:30 +02:00
frack113 03ec08f933 Add Sysmon 28-29 rules
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-20 12:38:11 +02:00
frack113 9acc4e1823 feat: add rules related to pwsh set-acl cmdlet usage (#4352) 2023-07-20 11:08:44 +02:00
Florian Roth 764963c2c7 refactor: increased level 2023-07-18 14:09:12 +02:00
Josh f083be8458 Fixed typo in comment
DragonOK and not dargonOK :)
2023-07-17 14:39:48 -04:00
Nasreddine Bencherchali 7ca5639d1d Merge pull request #4346 from X-Junior/CVE-2023-36884-rules
feat: new rules related to CVE-2023-36884
2023-07-17 14:31:33 +02:00
phantinuss b99089e252 fix: typo 2023-07-17 13:57:27 +02:00
Nasreddine Bencherchali 2c3d19f335 Merge pull request #4293 from danielbohannon/patch-1 2023-07-17 12:19:05 +02:00
Nasreddine Bencherchali 8726f310e7 chore: update metadata 2023-07-13 23:30:16 +02:00
Mohamed Ashraf (X__Junior) c10a6c9870 Create net_connection_win_office.yml 2023-07-13 19:23:38 +03:00
Nasreddine Bencherchali 08e0a297f3 feat: new rules and updates 2023-07-13 17:31:13 +02:00
Mohamed Ashraf (X__Junior) 81440fe0ea CVE-2023-36884 rules 2023-07-13 18:27:12 +03:00
Nasreddine Bencherchali dcfb4c5c28 Merge pull request #4337 from phantinuss/master
fix: FP found in-the-wild
2023-07-13 11:23:25 +02:00
Nasreddine Bencherchali 6e6726749c Merge pull request #4295 from danielbohannon/patch-3 2023-07-13 11:08:35 +02:00
Nasreddine Bencherchali 795179d9dc Merge branch 'master' into master 2023-07-13 11:07:45 +02:00
Nasreddine Bencherchali a1672f8dbb fix: remove ping filter 2023-07-13 11:05:00 +02:00
frack113 62256b104d fix: FP found with remote thread rule (#4342) 2023-07-13 10:04:03 +02:00
Nasreddine Bencherchali ccec820a01 feat: new rules & updates (#4328) 2023-07-13 10:01:05 +02:00
frack113 3d2b11ac5f Merge pull request #4345 from frack113/redcannary_t1087_002
Update posh_ps_get_adcomputer
2023-07-12 20:52:43 +02:00
frack113 1586e30f19 Merge pull request #4343 from frack113/redcannary_t1057
Add proc_creation_win_findstr_susp_parent
2023-07-12 20:52:17 +02:00
frack113 101fe1a355 Update posh_ps_get_adcomputer
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-08 18:02:06 +02:00
frack113 c97c3bc54c Add httpd filter
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-06 20:19:03 +02:00
frack113 f9dbb1f413 Add proc_creation_win_findstr_susp_parent
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-07-06 19:51:47 +02:00
phantinuss 835dda9484 fix: FPs found in testing env 2023-07-05 10:37:17 +02:00
phantinuss cede72ad18 fix: more FPs, found in testing env 2023-07-05 10:31:47 +02:00
phantinuss f0dc10327b fix: FP found in-the-wild 2023-06-30 09:39:55 +02:00
frack113 c0332a9d96 Merge pull request #4334 from securepeacock/patch-54
Update net_dns_wannacry_killswitch_domain.yml
2023-06-29 06:46:14 +02:00
frack113 78d28994c9 Merge pull request #4333 from securepeacock/patch-53
Update proc_creation_win_nltest_recon.yml
2023-06-29 06:45:58 +02:00
phantinuss 117c600e03 fix: FP found with excel 2023-06-28 10:33:19 +02:00
securepeacock a60094531b Update net_dns_wannacry_killswitch_domain.yml 2023-06-26 13:31:05 -04:00
securepeacock a527ff3a1a Update proc_creation_win_nltest_recon.yml 2023-06-26 09:55:01 -04:00
Ryan Plas cda0fbff62 fix: multiple 404 links in references (#4332) 2023-06-26 10:10:04 +01:00