security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,440 Commits 1 Branch 57 Tags
be2ec96dc2ce1f28199faca6ebdc69b66b5e08a2
Commit Graph

3518 Commits

Author SHA1 Message Date
Nasreddine Bencherchali f9c39c3c1e Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-08-24 01:06:02 +01:00
Nasreddine Bencherchali 88295a305c Rule Dev 2022-08-24 01:05:40 +01:00
Florian Roth 4e3fc80ee8 Merge pull request #3421 from secDre4mer/master 
feat: new rule for sysnative process creation
 2022-08-23 16:30:26 +02:00
Florian Roth a3c493f8de Merge pull request #3420 from phantinuss/master 
FPs found in Testing
 2022-08-23 16:30:04 +02:00
Florian Roth e5aa5896cd Merge pull request #3418 from SigmaHQ/rule-devel 
rule: Renamed Adfind, rule: CsExec
 2022-08-23 16:29:45 +02:00
Max Altgelt 74f9e77339 fix: title casing 2022-08-23 14:50:02 +02:00
Max Altgelt 6711a3e2ed feat: new rule for sysnative process creation 2022-08-23 14:38:24 +02:00
phantinuss 1d45c98f0f fix: FP with teams 2022-08-23 14:26:27 +02:00
Nasreddine Bencherchali e550080e1c Update proc_creation_win_net_recon.yml 2022-08-22 21:43:06 +01:00
Florian Roth dba875e977 Update proc_creation_win_susp_service_modification.yml 2022-08-22 21:34:23 +02:00
Nasreddine Bencherchali c9e81f1cf0 Update proc_creation_win_lolbin_sideload_link_binary.yml 2022-08-22 20:17:22 +01:00
Nasreddine Bencherchali 6aa4c56b3b Update proc_creation_win_net_recon.yml 2022-08-22 20:07:53 +01:00
Nasreddine Bencherchali a769377070 Update proc_creation_win_persistence_typed_paths.yml 2022-08-22 20:05:02 +01:00
Nasreddine Bencherchali ae9785eb47 TypedPaths 2022-08-22 20:04:43 +01:00
Florian Roth 66f829c371 rule: CsExec 2022-08-22 17:43:49 +02:00
Nasreddine Bencherchali 1ef7208897 Create proc_creation_win_lolbin_sideload_link_binary.yml 2022-08-22 15:31:35 +01:00
Nasreddine Bencherchali 9f61d51408 Rename 2022-08-22 14:52:59 +01:00
Nasreddine Bencherchali 17aa5fec6d Update 2022-08-22 14:52:41 +01:00
Nasreddine Bencherchali 60154a963f Update proc_creation_win_ntfs_short_name_path_use_image.yml 2022-08-22 11:15:15 +01:00
Nasreddine Bencherchali bb51bb4bd4 Fix #3407 2022-08-22 11:14:08 +01:00
Florian Roth 00383708ce Merge pull request #3412 from aaronherman/add-dumpert-hacktools-implashes 
add Dumpert and other Imphashes to Windows Hacktools rule
 2022-08-21 11:00:51 +02:00
Florian Roth 091f26ecd4 docs: adfind website url 2022-08-21 09:38:30 +02:00
Florian Roth e379d6b224 rule: renamed adfind 2022-08-21 09:38:18 +02:00
Florian Roth a4656f9cb7 Merge pull request #3408 from frack113/redcannary_20220820 
Redcannary 20220820
 2022-08-21 09:30:13 +02:00
Florian Roth f0bdb36b18 add more imphashes from Sysmon config 2022-08-21 09:17:23 +02:00
Florian Roth c99d94766e revert: remove dumpert rule 2022-08-21 09:08:19 +02:00
Florian Roth 79cd099ff0 Merge pull request #3404 from frack113/hotfix 
update 20220820
 2022-08-21 09:04:28 +02:00
AaronHerman 2a22cb76d7 remove dumpert rule, add to Windows Hacktools Impash 2022-08-20 20:23:15 -05:00
frack113 9f89d4c8c7 Redcannary 20220820 2022-08-20 17:12:31 +02:00
Florian Roth 268b0a8038 Merge pull request #3402 from nasbench/lolbin-update 
LOLBIN Updates
 2022-08-20 13:25:24 +02:00
frack113 df8df38414 Add proc_creation_win_susp_pester_parent 2022-08-20 12:18:49 +02:00
frack113 8333671025 Fix test error 2022-08-20 12:07:01 +02:00
frack113 bda5a032c8 update 20220820 2022-08-20 11:56:18 +02:00
Florian Roth 1443adc730 Update proc_creation_win_lolbin_customshellhost.yml 2022-08-20 10:27:40 +02:00
Florian Roth a82c533d30 Merge pull request #3395 from nasbench/nasbench-rule-devel 
Update + New Rules
 2022-08-20 09:46:40 +02:00
Florian Roth 5c27980bc6 Merge pull request #3403 from SigmaHQ/rule-devel 
rule: SharpUp, HandleKatz
 2022-08-20 09:29:55 +02:00
Florian Roth 65cdc9d04d Update proc_creation_win_lolbin_customshellhost.yml 2022-08-20 09:22:05 +02:00
Florian Roth 34b4249690 Merge pull request #3401 from frack113/redcannary_20220819 
Redcannary test
 2022-08-20 09:12:41 +02:00
Florian Roth 872a6525dd fix: list with 1 entry 2022-08-20 09:01:51 +02:00
Florian Roth e546862635 rule: sharpup 2022-08-20 00:49:39 +02:00
Nasreddine Bencherchali 544e06ee33 Update proc_creation_win_proc_dump_createdump.yml 2022-08-19 23:09:40 +01:00
Nasreddine Bencherchali 0dc4704f05 LOLBIN Updates 2022-08-19 23:05:46 +01:00
frack113 3dcb4c195b Add t1484.001 2022-08-19 19:12:40 +02:00
frack113 f88d2befa7 Update ref 2022-08-19 17:20:34 +02:00
frack113 0938659f94 Redcannary test 2022-08-19 14:06:08 +02:00
Florian Roth 60b7c0a407 Update proc_creation_win_webshell_spawn.yml 2022-08-19 09:08:31 +02:00
Florian Roth 7f7fb6ab47 Merge branch 'master' into rule-devel 2022-08-18 13:02:29 +02:00
Florian Roth fe041ad3d4 HandleKatz usage 2022-08-18 13:02:20 +02:00
Tim Shelton 8c027a17f2 FP: another false positive on using cmd exec to query service stats.... maybe theress a vuln opportunity here? 2022-08-18 04:51:38 +00:00
Nasreddine Bencherchali 52f26a14a2 Rule Update 2022-08-17 20:27:55 +01:00