security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,527 Commits 1 Branch 57 Tags
c04bef2fbbe8beff6c7620d5d7ea6872dbe7acba
Commit Graph

15527 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nasreddine Bencherchali c04bef2fbb Merge pull request #4320 from securepeacock/patch-47 
feat: add new reference for `proc_creation_win_renamed_binary.yml`
 2023-06-20 22:06:35 +02:00
securepeacock fcaa435517 Update proc_creation_win_renamed_binary.yml 2023-06-20 14:30:05 -04:00
Nasreddine Bencherchali 62d4fd26b0 Merge pull request #4319 from frack113/add_tags 
chore: update tags for new rule types
 2023-06-20 11:50:04 +02:00
Nasreddine Bencherchali 9f82e581a1 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-20 11:26:41 +02:00
Nasreddine Bencherchali 21a87ddac2 fix: typo 2023-06-20 11:08:57 +02:00
frack113 8c5dba3740 Update tags 
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-06-20 07:31:54 +02:00
Nasreddine Bencherchali c05f864047 Merge pull request #4318 from nasbench/rules-updates-13-06-23 
feat: add rules related to Barracuda ESG exploitation
 2023-06-19 13:22:10 +02:00
phantinuss 3c57bd6b89 fix: id and wording 2023-06-19 13:03:40 +02:00
Nasreddine Bencherchali 44e0625360 fix: update rules for tests 2023-06-19 09:24:18 +02:00
Nasreddine Bencherchali 22628faaf0 feat: add rules related to Barracuda ESG exploitation 2023-06-18 22:14:57 +02:00
securepeacock 6312dd1d44 feat: update reference proc_creation_win_wmic_process_creation.yml (#4315) 2023-06-16 10:24:50 +02:00
Nasreddine Bencherchali e8407c39cc Merge pull request #4312 from X-Junior/waveedit-dll-side-loading-rule 2023-06-15 11:18:50 +02:00
Florian Roth 93ebbcbb78 feat: typo fix and remote access software rule update (#4313) 2023-06-15 11:18:20 +02:00
phantinuss a5fc65e966 fix: wording 2023-06-15 09:14:33 +02:00
Nasreddine Bencherchali a5528ac5c0 chore: update description 2023-06-14 19:48:43 +02:00
Mohamed Ashraf ea47090c2d Update image_load_side_load_waveedit.yml 2023-06-14 18:59:48 +03:00
Mohamed Ashraf (X__Junior) df8d8240c8 Create image_load_side_load_waveedit.yml 2023-06-14 18:51:16 +03:00
Nasreddine Bencherchali 93881d6f87 Merge pull request #4311 from frack113/FP_lolbin 
fix: fp in proc_creation_win_lolbin_gpscript.yml
 2023-06-14 15:45:18 +02:00
Nasreddine Bencherchali 917e5bee68 fix: update filter name 2023-06-14 15:35:33 +02:00
Nasreddine Bencherchali 6f21321b98 Merge pull request #4310 from nasbench/rules-updates-13-06-23 
fix: fp found in testing
 2023-06-14 12:27:25 +02:00
phantinuss fdc780ea93 fix: typo 2023-06-14 12:12:57 +02:00
frack113 9ad36c796b Fix svchost FP 
Signed-off-by: frack113 <magicfrancois@gmail.com>
 2023-06-14 11:33:58 +02:00
Nasreddine Bencherchali bb8f6bf762 fix: update whql rule 2023-06-14 10:02:51 +02:00
Nasreddine Bencherchali 89df2a6e95 feat: add rule related to CVE-2023-25157 2023-06-14 00:24:37 +02:00
Nasreddine Bencherchali e39b85a3f4 fix: fp found in testing 2023-06-14 00:23:28 +02:00
Nasreddine Bencherchali 3d172914f6 Merge pull request #4307 from nasbench/rules-updates-13-06-23 
chore: fix date field and add fp filter
 2023-06-13 12:13:50 +02:00
Nasreddine Bencherchali ccc4458dfc chore: fix date field and add fp filter 2023-06-13 11:41:14 +02:00
Nasreddine Bencherchali 9c3e652693 Merge pull request #4301 from tr0mb1r/master 
feat: add new rules related to ClickOnce abuse
 2023-06-13 11:29:25 +02:00
phantinuss 62ed3a7bcf fix: wording 2023-06-13 08:58:49 +02:00
Nasreddine Bencherchali 7ecbf44bf6 feat: update clickonce rules 2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali ac7902685f Merge pull request #4305 from X-Junior/uncommen-child-processes-sndvol 
feat: new rule "Uncommon SndVol Child Process"
 2023-06-12 10:25:09 +02:00
Florian Roth 79817eaa4d feat: add rule related to potential exploitation of CVE-2023-2283 (#4303) 2023-06-12 10:17:47 +02:00
Nasreddine Bencherchali c178292529 Merge pull request #4304 from X-Junior/multiple-dll-sideloading-rules 
feat: add multiple dll sideloading related rules
 2023-06-12 10:15:51 +02:00
Nasreddine Bencherchali 2b520f9415 chore: update description 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-12 10:15:23 +02:00
Nasreddine Bencherchali 6469462092 fix: fp found in testing 2023-06-12 00:41:36 +02:00
Nasreddine Bencherchali f963525e82 chore: update filters and metadata 2023-06-12 00:34:04 +02:00
Nasreddine Bencherchali d634acec1a feat: update legit child 2023-06-12 00:23:04 +02:00
Nasreddine Bencherchali a387b37a50 Rename image_load_side_load_RjvPlatform_2.yml to image_load_side_load_RjvPlatform_2.yml 2023-06-12 00:22:07 +02:00
Nasreddine Bencherchali 0a1fe0ebcd chore: rename file - remove space 2023-06-12 00:21:52 +02:00
Mohamed Ashraf (X__Junior) 2b2c5c42ca Create proc_creation_win_sndvol_susp_child_processes.yml 2023-06-09 20:43:13 +03:00
Mohamed Ashraf dd95695a0f Update image_load_side_load_edputil.yml 2023-06-09 20:37:59 +03:00
Mohamed Ashraf (X__Junior) dce3b11669 multiple dll sideloading rules 2023-06-09 20:35:44 +03:00
Nasreddine Bencherchali b02e3b698a Merge pull request #4289 from branchnetconsulting/patch-1 
feat: update logonscript rules
 2023-06-09 12:23:14 +02:00
phantinuss f3567b72f7 fix: wording 2023-06-09 12:14:16 +02:00
Nasreddine Bencherchali 9be8e2296a feat: update logon script rules 2023-06-09 12:09:35 +02:00
Nasreddine Bencherchali dd5aea1a37 Merge pull request #4297 from nasbench/codeintegrity-rule-update 
feat: Code Integrity Rules Updates
 2023-06-09 11:15:16 +02:00
phantinuss 8b99f2e7ed fix: wording 2023-06-09 10:48:54 +02:00
phantinuss 854fae2015 fix: wording 2023-06-09 10:44:40 +02:00
tr0mb1r 3254d84859 ClickOnce Trust Prompt Modification 2023-06-08 12:16:51 +04:00
tr0mb1r f0fd1930ba Update image_load_clickonce_unsigned_module_loaded.yml 2023-06-08 09:57:01 +04:00