security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,527 Commits 1 Branch 57 Tags
c04bef2fbbe8beff6c7620d5d7ea6872dbe7acba
Commit Graph

12107 Commits

Author SHA1 Message Date
securepeacock fcaa435517 Update proc_creation_win_renamed_binary.yml 2023-06-20 14:30:05 -04:00
Nasreddine Bencherchali 44e0625360 fix: update rules for tests 2023-06-19 09:24:18 +02:00
Nasreddine Bencherchali 22628faaf0 feat: add rules related to Barracuda ESG exploitation 2023-06-18 22:14:57 +02:00
securepeacock 6312dd1d44 feat: update reference proc_creation_win_wmic_process_creation.yml (#4315) 2023-06-16 10:24:50 +02:00
Nasreddine Bencherchali e8407c39cc Merge pull request #4312 from X-Junior/waveedit-dll-side-loading-rule 2023-06-15 11:18:50 +02:00
Florian Roth 93ebbcbb78 feat: typo fix and remote access software rule update (#4313) 2023-06-15 11:18:20 +02:00
phantinuss a5fc65e966 fix: wording 2023-06-15 09:14:33 +02:00
Nasreddine Bencherchali a5528ac5c0 chore: update description 2023-06-14 19:48:43 +02:00
Mohamed Ashraf ea47090c2d Update image_load_side_load_waveedit.yml 2023-06-14 18:59:48 +03:00
Mohamed Ashraf (X__Junior) df8d8240c8 Create image_load_side_load_waveedit.yml 2023-06-14 18:51:16 +03:00
Nasreddine Bencherchali 93881d6f87 Merge pull request #4311 from frack113/FP_lolbin 
fix: fp in proc_creation_win_lolbin_gpscript.yml
 2023-06-14 15:45:18 +02:00
Nasreddine Bencherchali 917e5bee68 fix: update filter name 2023-06-14 15:35:33 +02:00
frack113 9ad36c796b Fix svchost FP 
Signed-off-by: frack113 <magicfrancois@gmail.com>
 2023-06-14 11:33:58 +02:00
Nasreddine Bencherchali bb8f6bf762 fix: update whql rule 2023-06-14 10:02:51 +02:00
Nasreddine Bencherchali e39b85a3f4 fix: fp found in testing 2023-06-14 00:23:28 +02:00
Nasreddine Bencherchali ccc4458dfc chore: fix date field and add fp filter 2023-06-13 11:41:14 +02:00
Nasreddine Bencherchali 9c3e652693 Merge pull request #4301 from tr0mb1r/master 
feat: add new rules related to ClickOnce abuse
 2023-06-13 11:29:25 +02:00
phantinuss 62ed3a7bcf fix: wording 2023-06-13 08:58:49 +02:00
Nasreddine Bencherchali 7ecbf44bf6 feat: update clickonce rules 2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali ac7902685f Merge pull request #4305 from X-Junior/uncommen-child-processes-sndvol 
feat: new rule "Uncommon SndVol Child Process"
 2023-06-12 10:25:09 +02:00
Nasreddine Bencherchali 2b520f9415 chore: update description 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-06-12 10:15:23 +02:00
Nasreddine Bencherchali 6469462092 fix: fp found in testing 2023-06-12 00:41:36 +02:00
Nasreddine Bencherchali f963525e82 chore: update filters and metadata 2023-06-12 00:34:04 +02:00
Nasreddine Bencherchali d634acec1a feat: update legit child 2023-06-12 00:23:04 +02:00
Nasreddine Bencherchali a387b37a50 Rename image_load_side_load_RjvPlatform_2.yml to image_load_side_load_RjvPlatform_2.yml 2023-06-12 00:22:07 +02:00
Nasreddine Bencherchali 0a1fe0ebcd chore: rename file - remove space 2023-06-12 00:21:52 +02:00
Mohamed Ashraf (X__Junior) 2b2c5c42ca Create proc_creation_win_sndvol_susp_child_processes.yml 2023-06-09 20:43:13 +03:00
Mohamed Ashraf dd95695a0f Update image_load_side_load_edputil.yml 2023-06-09 20:37:59 +03:00
Mohamed Ashraf (X__Junior) dce3b11669 multiple dll sideloading rules 2023-06-09 20:35:44 +03:00
Nasreddine Bencherchali b02e3b698a Merge pull request #4289 from branchnetconsulting/patch-1 
feat: update logonscript rules
 2023-06-09 12:23:14 +02:00
phantinuss f3567b72f7 fix: wording 2023-06-09 12:14:16 +02:00
Nasreddine Bencherchali 9be8e2296a feat: update logon script rules 2023-06-09 12:09:35 +02:00
Nasreddine Bencherchali dd5aea1a37 Merge pull request #4297 from nasbench/codeintegrity-rule-update 
feat: Code Integrity Rules Updates
 2023-06-09 11:15:16 +02:00
phantinuss 8b99f2e7ed fix: wording 2023-06-09 10:48:54 +02:00
phantinuss 854fae2015 fix: wording 2023-06-09 10:44:40 +02:00
tr0mb1r 3254d84859 ClickOnce Trust Prompt Modification 2023-06-08 12:16:51 +04:00
tr0mb1r f0fd1930ba Update image_load_clickonce_unsigned_module_loaded.yml 2023-06-08 09:57:01 +04:00
tr0mb1r 47613199bd Update image_load_clickonce_unsigned_module_loaded.yml 2023-06-08 09:41:36 +04:00
tr0mb1r 4faa757e3c ClickOnce rule added 
Unsigned Module Loaded by ClickOnce Application added, based on the article:
https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
 2023-06-08 09:24:42 +04:00
jstnk9 8f3a3236ae feat: add new rule "Potential PSFactoryBuffer COM Hijacking" (#4299) 2023-06-07 21:10:08 +02:00
Paul Hager 695e0bd5e3 fix: typo in 'related' field 2023-06-07 12:02:43 +02:00
Nasreddine Bencherchali 827d687fdb fix: add ntlmv1 to known-fps 2023-06-07 10:48:34 +02:00
Nasreddine Bencherchali c23f33cf26 feat: more updates 2023-06-07 10:36:45 +02:00
phantinuss 630e1a4734 fix: exclude files that are marked for deletion 2023-06-07 10:24:51 +02:00
Nasreddine Bencherchali e8e2a2ca9a feat: update code integrity rules 2023-06-06 23:06:02 +02:00
Nasreddine Bencherchali 6af99aa46f chore: remove author 2023-06-05 23:27:44 +02:00
Kevin Branch b478f24985 Update proc_creation_win_persistence_userinitmprlogonscript.yml 
When logging into Windows Core, userinit.exe normalls calls PowerShell.exe without parameters to bring up a PowerShell window.
 2023-06-05 12:57:52 -04:00
Swachchhanda Shrawan Poudel 4bcd3c3196 corrected the date 2023-06-05 21:11:05 +05:45
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master 
feat: extended coverage of existing defender tampering rules
 2023-06-05 13:26:03 +02:00
phantinuss e407cfa1d6 fix: wording 2023-06-05 13:09:30 +02:00