13 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 598d29f811 Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00
frack113 48baf1187b Merge PR #4752 from @frack113 - Update rules to use the windash modifier
update: File Enumeration Via Dir Command - Update logic to use a wildcard in addition, for better accuracy.
chore: update multiple rules to use the windash modifier

---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-11 12:01:30 +01:00
github-actions[bot] ae960f0881 Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
chore: promote older rules status from experimental to test

Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-12-01 12:50:36 +01:00
securepeacock bad3152ac3 Merge pull request #4388 from @securepeacock
chore: Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE - add new reference
2023-08-23 18:52:22 +02:00
Nasreddine Bencherchali fc316d8638 feat: even more updates 2023-02-03 20:17:09 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 6c211887a9 Remove unneeded star 2022-06-11 12:58:14 +02:00
Nasreddine Bencherchali de78f9f5b3 Update proc_creation_win_cmdkey_recon.yml 2022-06-11 11:18:33 +01:00
Nasreddine Bencherchali c610e4a749 Update proc_creation_win_cmdkey_recon.yml 2022-06-11 02:23:31 +01:00
Nasreddine Bencherchali 3bbeab2a7b Requested Changes 2022-05-17 15:04:26 +01:00
Nasreddine Bencherchali f0e05ccb3c Rule Update (Batch 2)
- Added 5 more PowerShell scripts for the rule "file_event_win_powershell_exploit_scripts.yml"
- Created new rule for "certoc" lolbin to cover "Download" option as described in the LOLBAS project
- Created specific rule for the "IEExec" lolbin to cover "Download" option as described in the LOLBAS Project
- Updated some rules to use "OriginalFileName" in addition to the "Image" selection
- Updated some rules to increase coverage.
2022-05-16 22:02:41 +01:00
Florian Roth 6e594875f3 refactor: cmdkey extended coverage 2022-04-21 09:12:13 +02:00
frack113 8bb3379b68 Normalization of rule names 2022-02-22 11:16:31 +01:00