Commit Graph

245 Commits

Author SHA1 Message Date
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
frack113 1e5ae09c4b Order yaml field 2022-10-26 09:43:39 +02:00
Nasreddine Bencherchali 1258eca847 fix: Fix typo in selection 2022-10-25 01:47:53 +02:00
Nasreddine Bencherchali ada1121447 Add Office Token Stealing Rules 2022-10-25 01:14:27 +02:00
Nasreddine Bencherchali 87e8e7fa33 Create posh_ps_susp_service_dacl_modification_set_service.yml 2022-10-24 12:17:41 +02:00
Qasim Qlf 2c4ea3761a Update and rename posh_ps_copy_item_system32.yml to posh_ps_copy_item_system_directory.yml 2022-10-20 14:31:48 +05:00
phantinuss f976ad48c1 Merge pull request #3602 from nasbench/nasbench-rule-devel (Rule Dev) 2022-10-20 10:28:56 +02:00
frack113 27ad27c3c0 Merge pull request #3608 from unamuno/patch-mitreid (changed mitre id from process to user discovery) 2022-10-19 22:31:37 +02:00
Merlin 575f36d8f8 changed mitre id from process to user discovery 2022-10-19 16:10:47 +02:00
Nasreddine Bencherchali 21040fc106 Update posh_ps_using_set_service_to_hide_services.yml 2022-10-18 20:13:45 +02:00
Nasreddine Bencherchali 676578d2c4 Add PowerShell version of the rule + Fix rule 2022-10-18 16:03:26 +02:00
Florian Roth 450229537e Merge pull request #3595 from SigmaHQ/rule-devel (rule: extended susp adfind rule, rule: susp wermgr process patterns) 2022-10-15 10:49:50 +02:00
Florian Roth 6706a67bb8 refactor: move few apt rules to categories, del 'apt' folder 2022-10-14 11:44:49 +02:00
Nasreddine Bencherchali f4257c33b1 Update posh_ps_wmi_unquoted_service_search.yml 2022-10-14 00:51:21 +02:00
Nasreddine Bencherchali 48e7f9e302 Merge branch 'master' into nasbench-rule-devel 2022-10-14 00:49:20 +02:00
Nasreddine Bencherchali d42e5b5435 New Rules 2022-10-12 10:04:04 +02:00
Tim Rauch a94832de90 Updated rule 488b44e7-3781-4a71-888d-c95abfacf44d 2022-10-11 12:39:40 +02:00
Tim Rauch 4ab6fe537a Updated some rules 2022-10-11 12:38:23 +02:00
Tim Rauch 3454738439 Merge branch 'master' 2022-10-11 11:32:20 +02:00
Tim Rauch b992a0e340 fix: updated rules after review 2022-10-11 11:29:08 +02:00
Florian Roth 83f93bc32c Merge branch 'master' into master 2022-10-10 00:27:48 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth d8890295fe Merge branch 'master' into master 2022-10-07 16:24:30 +02:00
Nasreddine Bencherchali e810e907a1 Create posh_ps_psasyncshell.yml 2022-10-04 20:57:15 +02:00
Tim Rauch b6046803a0 fix: fixed rules after review 2022-10-04 10:06:15 +02:00
Gude5 f692271c0a Merge branch 'SigmaHQ:master' into master 2022-10-04 09:33:51 +02:00
Florian Roth 14fdf75ab5 fix: FPs noticed with THOR 2022-09-29 13:51:09 +02:00
Tim Rauch 119c9f5275 fix: fixed rules after failed Sigma Rule Tests 2022-09-29 11:30:45 +02:00
Tim Rauch 58e5b9f419 fix: removed ' from references 2022-09-29 10:21:01 +02:00
Tim Rauch 81a112e35b Fixed merge conflicts 2022-09-29 10:05:49 +02:00
Tim Rauch d35ea51136 Merge branch 'master' of https://github.com/Gude5/sigma 2022-09-29 09:57:29 +02:00
Tim Rauch be1f1a4505 New Rules: transformed elastic to sigma rules 2022-09-28 16:45:22 +02:00
Florian Roth e46d19e450 fix: condition 2022-09-27 10:30:34 +02:00
Florian Roth e6d7ba8224 Merge branch 'master' into aurora-false-positive-fixing 2022-09-27 00:20:07 +02:00
Florian Roth e1375467c5 fix: FPs with Azure hosts 2022-09-26 23:52:48 +02:00
frack113 2cd376c70c fix pass 2022-09-16 20:04:55 +02:00
frack113 c78b332ba7 Add posh_ps_sensitive_file_discovery 2022-09-16 19:37:26 +02:00
Florian Roth 67072ecc91 Merge pull request #3488 from frack113/redcannary_20220910 (Add posh_ps_disable_windowsoptionalfeature) 2022-09-16 09:13:16 +02:00
frack113 c4d2ed0478 Merge pull request #3497 from bornatalebi/master (New Rule: Windows DNS Client Rule command) 2022-09-16 06:33:41 +02:00
Borna Talebi 2af0431efa Change Title 2022-09-16 00:53:55 +04:30
Borna Talebi b984d52c65 Fixing conditions 2022-09-16 00:32:47 +04:30
Borna Talebi 0e7085bee5 Update posh_ps_add_dnsclient_rule.yml 2022-09-14 23:23:58 +04:30
Borna Talebi 227c2f6bb9 Update posh_ps_add_dnsclient_rule.yml 2022-09-14 23:11:52 +04:30
Borna Talebi d078d47360 New Rule: Windows DNS Client Rule 2022-09-14 22:32:35 +04:30
Nasreddine Bencherchali 8a504bee9e Add %tmp% env variable 2022-09-13 10:49:14 +02:00
nasreddine.bencherchali@nextron-systems.com 6fa682b619 Create posh_ps_susp_clear_eventlog.yml 2022-09-13 10:02:36 +02:00
frack113 f4da079d13 Add posh_ps_enable_windowsoptionalfeature 2022-09-11 19:43:54 +02:00
frack113 51076b2078 Update posh_ps_disable_windowsoptionalfeature.yml 2022-09-11 19:29:15 +02:00
frack113 5996fbf4c9 Fix tag 2022-09-10 19:23:58 +02:00
frack113 486fdabe34 Add posh_ps_disable_windowsoptionalfeature 2022-09-10 19:15:36 +02:00