Alejandro Ortuno
ad031d97ee
Filter out listening mode on nc
2020-11-09 10:32:56 +01:00
Ömer Günal
577165b7f7
Update lnx_system_info_discovery.yml
2020-11-08 11:09:27 +03:00
Ömer Günal
0e4a5baf1a
Update lnx_install_root_certificate.yml
2020-11-08 11:08:30 +03:00
Ömer Günal
499a8f85b0
Update lnx_install_root_certificate.yml
2020-11-08 11:06:11 +03:00
Ömer Günal
5dc3472af0
Update lnx_system_info_discovery.yml
2020-11-07 11:51:53 +03:00
Ömer Günal
89a24d4bfa
Update lnx_install_root_certificate.yml
2020-11-07 11:50:30 +03:00
yugoslavskiy
c17e8574d0
change the syntax a bit and removed .service suffix as it is
[redundant](https://www.freedesktop.org/software/systemd/man/systemctl.html):
```
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,
# systemctl start sshd
and
# systemctl start sshd.service
are equivalent
```
2020-11-06 20:56:08 +01:00
Alejandro Ortuno
7c5067ade4
Making it a global rule
2020-11-06 10:25:59 +01:00
Alejandro Ortuno
a9a90e024c
make it global rule
2020-11-06 09:56:49 +01:00
Alejandro Ortuno
5918cc0a3d
remove cat
2020-10-29 09:58:58 +01:00
Alejandro Ortuno
0c0c1725fa
refactor detections
2020-10-29 09:34:47 +01:00
yugoslavskiy
167e9745cd
Update macos_remote_system_discovery.yml
2020-10-29 02:06:45 +01:00
yugoslavskiy
81f6f24155
Update lnx_remote_system_discovery.yml
2020-10-29 02:06:20 +01:00
Alejandro Ortuno
80b1a19246
Added the space at the beginning of the IP ranges.
2020-10-28 10:16:29 +01:00
Alejandro Ortuno
3a58c00feb
Removing the echo detection
2020-10-28 10:07:59 +01:00
Alejandro Ortuno
e31c8f96e9
added the category
2020-10-28 09:56:01 +01:00
Alejandro Ortuno
c83d5a3d65
Added some minor tuning of ip ranges
2020-10-26 09:45:13 +01:00
Alejandro Ortuno
11df6c2566
Sigma rule
2020-10-23 10:16:59 +02:00
Alejandro Ortuno
638fd7eeab
Remote system discovery sigma rules for macos and linux
2020-10-22 10:37:29 +02:00
Alejandro Ortuno
5d37c0ee1e
Added some modifications to firewall disabling
2020-10-22 10:22:00 +02:00
Ömer Günal
afe97c000c
Update lnx_system_info_discovery.yml
2020-10-21 21:48:43 +03:00
Ömer Günal
9f7244f019
Update lnx_system_info_discovery.yml
2020-10-21 21:45:23 +03:00
Ömer Günal
a2a1b20335
Update lnx_process_discovery.yml
2020-10-21 21:40:46 +03:00
Mikhail Larin
c938d917f1
additional processname fix
2020-10-21 18:32:50 +03:00
Mikhail Larin
13d84ac27b
rule logic fix
2020-10-21 18:32:02 +03:00
Mikhail Larin
c744a1cb47
fix rule logic
2020-10-21 18:29:06 +03:00
Mikhail Larin
7227ed0721
fix rule logic
2020-10-21 18:25:22 +03:00
Alejandro Ortuno
5e5576a91b
Fix product
2020-10-21 10:13:28 +02:00
Alejandro Ortuno
aa416090e1
Initial sigma rule
2020-10-21 10:09:00 +02:00
Alejandro Ortuno
cdabf8e0e8
Sigma rules for network service scanning.
2020-10-21 09:41:40 +02:00
yugoslavskiy
81acc81d10
updated syntax a bit to re-run the test
2020-10-20 19:06:23 +02:00
yugoslavskiy
585770faa3
update syntax a bit to re-run the test
2020-10-20 17:31:00 +02:00
yugoslavskiy
462c92e522
changed the syntax a bit to re-run the test
2020-10-20 17:10:20 +02:00
Yugoslavskiy Daniil
e95749e190
fix syntax
2020-10-20 05:10:11 +02:00
Yugoslavskiy Daniil
99b40e4a6a
change list of plist to contains modifier. could be easily bypassed with endswith
2020-10-20 05:09:08 +02:00
Yugoslavskiy Daniil
cea24c9984
add macos_disable_security_tools.yml, oscd initiative issue #1012 , task number 60
2020-10-20 05:06:43 +02:00
Yugoslavskiy Daniil
2890adf093
add macos_xattr_gatekeeper_bypass.yml, oscd initiative issue #1012 , task number 55
2020-10-20 04:34:02 +02:00
Yugoslavskiy Daniil
5a8c7cd3f9
add missing falcond
2020-10-20 04:00:16 +02:00
Yugoslavskiy Daniil
6f3ac02cb3
add lnx_security_software_discovery.yml, oscd initiative issue #1011 , task number 26
2020-10-20 03:57:41 +02:00
Yugoslavskiy Daniil
f0663c8412
add macos_security_software_discovery.yml, oscd initiative issue #1012 , task number 41
2020-10-20 03:46:41 +02:00
Yugoslavskiy Daniil
491f9d023c
add lnx_file_and_directory_discovery.yml, oscd initiative issue #1011 , task number 18
2020-10-20 03:05:32 +02:00
Yugoslavskiy Daniil
7c50729388
add macos_file_and_directory_discovery.yml, oscd initiative issue #1012 , task number 28
2020-10-20 02:58:08 +02:00
Yugoslavskiy Daniil
34591f9f64
add lnx_system_network_connections_discovery.yml, oscd initiative issue #1011 , task number 8
2020-10-20 01:17:06 +02:00
Yugoslavskiy Daniil
941fbebcdc
add macos_system_network_connections_discovery.yml, oscd initiative issue #1012 , task number 14
2020-10-20 01:14:56 +02:00
Yugoslavskiy Daniil
272fbcc378
fix title
2020-10-20 00:47:02 +02:00
Yugoslavskiy Daniil
f0060dec67
fix title
2020-10-20 00:44:23 +02:00
Yugoslavskiy Daniil
1ecb2c1932
add lnx_base64_decode.yml, oscd initiative issue #1011 , task number 4
2020-10-20 00:39:06 +02:00
Yugoslavskiy Daniil
8b01062d17
add lnx_base64_decode.yml, oscd initiative issue #1011 , task number 4
2020-10-20 00:37:53 +02:00
Yugoslavskiy Daniil
cc3ef973c0
add macos_base64_decode.yml, oscd initiative issue #1012 , task number 3
2020-10-20 00:36:21 +02:00
Tim I
0323e50011
Detect credential access for macOS via Keychain
2020-10-19 23:37:46 +03:00