Commit Graph

10751 Commits

Author | SHA1 | Message | Date
frack113 | 24d983a6a9 | Merge pull request #3775 from danielgottt/patch-9 / Create proc_creation_win_lolbin_setres.yml | 2022-12-13 06:45:39 +01:00
frack113 | ad75051c40 | Merge pull request #3776 from danielgottt/patch-10 / Create web_apache_solr_lfi_exploit.yml | 2022-12-13 06:45:03 +01:00
Nasreddine Bencherchali | 078fcaab28 | fix: update description | 2022-12-13 00:17:04 +01:00
Nasreddine Bencherchali | 8011ef23a3 | fix: enhance logic, description and title | 2022-12-13 00:15:49 +01:00
Nasreddine Bencherchali | aca5dccd7f | fix: change title | 2022-12-13 00:01:46 +01:00
Gott | 796db1479f | Update web_cve_2021_27905_apache_solr_lfi_exploit.yml | 2022-12-12 17:31:32 -05:00
Nasreddine Bencherchali | 14ccb7b00e | fix: broken tag | 2022-12-12 23:26:19 +01:00
Gott | 11351b78dd | Rename web_cve_2021-27905_apache_solr_lfi_exploit.yml to web_cve_2021_27905_apache_solr_lfi_exploit.yml | 2022-12-12 17:17:11 -05:00
Gott | c91c775f58 | Rename web_apache_solr_lfi_exploit.yml to web_cve_2021-27905_apache_solr_lfi_exploit.yml | 2022-12-12 17:16:52 -05:00
Gott | b9b88b1382 | Update web_apache_solr_lfi_exploit.yml | 2022-12-12 17:16:03 -05:00
Gott | 120bff21f8 | Update proc_creation_win_lolbin_setres.yml | 2022-12-12 17:09:26 -05:00
Gott | a7662a7350 | Update rules/windows/process_creation/proc_creation_win_lolbin_setres.yml / Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> | 2022-12-12 17:07:05 -05:00
Nasreddine Bencherchali | 14a2bf3b59 | fix: error in selection | 2022-12-12 22:16:38 +01:00
Nasreddine Bencherchali | 622fb687b7 | fix: update logic and other information | 2022-12-12 21:58:17 +01:00
Micah Babinski | 52997da9b2 | Modified level (reduce severity) | 2022-12-12 07:33:47 -08:00
Micah Babinski | e8a980161c | Fixed rule description and title. | 2022-12-12 07:32:26 -08:00
Micah Babinski | da2d06fa37 | Added suspicious rcedit rule. | 2022-12-12 07:28:57 -08:00
frack113 | 0328946e69 | Merge pull request #3774 from frack113/redcanary_20221211 / Redcannary rules | 2022-12-12 13:30:20 +01:00
sai prashanth pulisetti | 5a46cd3efd | Create Abuse Nslookup with DNS Records (#3773) / Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> / Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> | 2022-12-12 13:24:46 +01:00
frack113 | d797bf0eb1 | Apply suggestions from code review / Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> | 2022-12-12 13:23:59 +01:00
Gott | 063aac1b4d | Update proc_creation_win_lolbin_setres.yml | 2022-12-11 11:57:22 -05:00
Gott | 3a1fe16570 | Update proc_creation_win_lolbin_setres.yml / selection correction and detection logic correction | 2022-12-11 11:25:12 -05:00
Gott | af0b1e61b4 | Create web_apache_solr_lfi_exploit.yml | 2022-12-11 10:53:38 -05:00
frack113 | 89d2d00a5b | Redcannary | 2022-12-11 16:46:32 +01:00
Gott | ff14120ee5 | Update proc_creation_win_lolbin_setres.yml / corrected duplicate tags | 2022-12-11 10:17:53 -05:00
Gott | fec7756b8b | Create proc_creation_win_lolbin_setres.yml | 2022-12-11 10:00:05 -05:00
frack113 | 646d861471 | Redcannary | 2022-12-11 10:57:28 +01:00
Florian Roth | 62347bcc80 | Merge pull request #3772 from nasbench/nasbench-rule-devel / feat: updates and enhancements | 2022-12-10 17:02:14 +01:00
Veramine | 9662897442 | Update proc_creation_win_susp_conhost_option.yml (#3763) | 2022-12-09 21:13:58 +01:00
frack113 | e1224b7fce | Merge pull request #3770 from qasimqlf/patch-16 / fix: condition | 2022-12-09 19:45:03 +01:00
Nasreddine Bencherchali | 1a9d7960e7 | fix: add dword version | 2022-12-09 19:44:44 +01:00
Nasreddine Bencherchali | 76fca5aa4b | fix: update title to reflect logic | 2022-12-09 19:37:53 +01:00
Nasreddine Bencherchali | 26cd02cff4 | fix: add modified date | 2022-12-09 19:24:44 +01:00
Nasreddine Bencherchali | bacd8078c5 | feat: update detection section | 2022-12-09 19:18:09 +01:00
Nasreddine Bencherchali | fb988ab25e | fix: typos and errors | 2022-12-09 19:15:35 +01:00
Nasreddine Bencherchali | a8472bf4df | fix: add missing selection | 2022-12-09 19:13:59 +01:00
Nasreddine Bencherchali | fa1cbb314a | feat: more updates to etw tamper rules | 2022-12-09 19:09:24 +01:00
Nasreddine Bencherchali | 7c7057d9d3 | fix: rename .net etw tamper rules | 2022-12-09 18:06:58 +01:00
Nasreddine Bencherchali | 89e44d46cb | feat: update .net etw tamper rules | 2022-12-09 18:06:20 +01:00
Nasreddine Bencherchali | 14d174e218 | feat: update rules related to dll sideloading | 2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali | cde2bdfc22 | fix: fix typo in fieldname and close #2101 | 2022-12-09 17:11:03 +01:00
Nasreddine Bencherchali | 9f346ce7d1 | fix: typo in rule filename | 2022-12-09 16:41:36 +01:00
Nasreddine Bencherchali | 1143ec85b4 | feat: enhance pssnapin rule | 2022-12-09 16:38:32 +01:00
Nasreddine Bencherchali | 559b4c4e97 | Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel | 2022-12-09 13:41:21 +01:00
Florian Roth | 356ab98ada | fix: FPs with Important Scheduled Task Deleted | 2022-12-09 12:55:41 +01:00
Nasreddine Bencherchali | 0783d6df22 | feat: update Lsass-Shtinkering rules | 2022-12-09 12:22:50 +01:00
Nasreddine Bencherchali | 7cd15d0bc1 | fix: update metadata | 2022-12-09 10:34:06 +01:00
Nasreddine Bencherchali | 6f6cb9648d | fix: fp found in testing | 2022-12-09 10:33:52 +01:00
Qasim Qlf | fb8e0894b0 | fix: condition | 2022-12-09 13:42:49 +05:00
Florian Roth | 4013ee645e | Merge pull request #3767 from qasimqlf/patch-14 / Added more FPs | 2022-12-09 09:07:17 +01:00