blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	c43c12e557	split win_apt_turla_commands.yml	2021-09-19 11:17:50 +02:00
$frack113$ frack113	b576ad115b	split win_apt_unidentified_nov_18.yml	2021-09-19 11:11:04 +02:00
$frack113$ frack113	06de91c92a	split win_apt_wocao.yml	2021-09-19 11:07:24 +02:00
$frack113$ frack113	dc8ad15d1a	split win_exchange_transportagent.yml	2021-09-19 11:03:16 +02:00
$frack113$ frack113	deb0ad5f58	split win_hktl_createminidump.yml	2021-09-19 10:19:34 +02:00
$frack113$ frack113	18e7e16005	split win_mal_adwind.yml	2021-09-19 10:12:03 +02:00
$frack113$ frack113	416b0556b1	split win_silenttrinity_stage_use.yml	2021-09-19 10:02:05 +02:00
$frack113$ frack113	7d000f2b1d	split win_susp_winrm_AWL_bypass.yml	2021-09-19 09:41:17 +02:00
$frack113$ frack113	842e6481d8	Merge pull request #2046 from frack113/fix_Class Fix invalid registry _Class	2021-09-19 09:28:46 +02:00
Roberto Rodriguez	407289d300	Rule to detect the execution of a script via SCX RunAsprovider ExecuteScript	2021-09-18 03:50:37 -04:00
$frack113$ frack113	81bf864d94	fix detection	2021-09-17 19:56:26 +02:00
$frack113$ frack113	509a4c2822	fix detection	2021-09-17 19:54:50 +02:00
$frack113$ frack113	d22382d0b9	fix detection	2021-09-17 19:52:40 +02:00
$frack113$ frack113	a1222c7716	Update sysmon_apt_oceanlotus_registry	2021-09-17 19:50:30 +02:00
Florian Roth	31021b9c32	Merge pull request #2040 from frack113/fix_win_outlook_registry_webview cleanup condition win_outlook_registry_webview.yml	2021-09-17 14:49:35 +02:00
Florian Roth	89b225e43b	Merge pull request #2041 from frack113/fix_sysmon_susp_mic_cam_access fix detection in sysmon_susp_mic_cam_access	2021-09-17 14:49:07 +02:00
Florian Roth	260578dceb	fix: wrong modified field	2021-09-17 14:29:19 +02:00
Roberto Rodriguez	c17104b2eb	updated level to high	2021-09-17 04:30:17 -04:00
Roberto Rodriguez	7618cf4672	Rule to detect the use of the SCX RunAsProvider Invoke_ExecuteShellCommand to execute any UNIX/Linux command using the /bin/sh shell	2021-09-17 04:23:11 -04:00
$frack113$ frack113	6e4edfdf20	fix detection	2021-09-17 09:11:53 +02:00
$frack113$ frack113	ebc5ebe7ba	cleanup condition	2021-09-17 08:23:14 +02:00
$frack113$ frack113	158746a904	Merge pull request #2036 from frack113/sysmon_registry_persistence_search_order [Turla Mosquito] fix detection from references	2021-09-17 06:36:46 +02:00
$frack113$ frack113	6dd4315f36	Merge pull request #2035 from frack113/fix_bad_category Fix bad category in possible_privilege_escalation_via_service_registry_permissions	2021-09-17 06:35:29 +02:00
$frack113$ frack113	377c5a80f5	Merge pull request #2031 from frack113/lnx_global Split global linux rule	2021-09-17 06:34:59 +02:00
$frack113$ frack113	05f4f50fc2	Merge pull request #2037 from frack113/clean_win_outlook_registry_todaypage Clean win outlook registry todaypage	2021-09-17 06:34:38 +02:00
Sittikorn S	13553ef917	Update web_cve_2021_40539_manageengine_adselfservice_exploit.yml	2021-09-17 09:53:12 +07:00
$frack113$ frack113	7a22fc6dba	clean string	2021-09-16 16:26:53 +02:00
$frack113$ frack113	c36cf428ac	clean list 1 elem	2021-09-16 16:18:30 +02:00
Florian Roth	a926439b39	fix: `default` to `(Default)`	2021-09-16 11:39:45 +02:00
$frack113$ frack113	6e981f56df	fix detection from references	2021-09-16 09:20:41 +02:00
$frack113$ frack113	8a847e0538	Update process_creation_possible_privilege_escalation_via_service_registry_permissions.yml	2021-09-15 19:05:31 +02:00
$frack113$ frack113	973e0666ac	Merge pull request #2020 from frack113/pc_global Split some global process_creation rules	2021-09-15 19:03:30 +02:00
$frack113$ frack113	3b8282c221	fix detection	2021-09-15 16:21:30 +02:00
$frack113$ frack113	33a51df46a	Update lnx_system_info_discovery.yml	2021-09-14 21:03:46 +02:00
$frack113$ frack113	a6da209507	Update lnx_auditd_system_info_discovery2.yml	2021-09-14 21:02:51 +02:00
$frack113$ frack113	a3477893de	Update lnx_auditd_network_service_scanning.yml	2021-09-14 21:02:13 +02:00
$frack113$ frack113	83531bb2ff	split global lnx_system_info_discovery.yml	2021-09-14 20:13:57 +02:00
$frack113$ frack113	38c0f83eaf	split global lnx_sudo_cve_2019_14287.yml	2021-09-14 20:07:13 +02:00
$frack113$ frack113	87e5fc48fa	split global lnx_security_tools_disabling.yml	2021-09-14 19:32:58 +02:00
$frack113$ frack113	ecefc6e913	add missing product	2021-09-14 19:29:49 +02:00
$frack113$ frack113	bc69900335	split global lnx_network_service_scanning.yml	2021-09-14 19:27:28 +02:00
$frack113$ frack113	30955c4884	split global lnx_auditd_cve_2021_3156_sudo_buffer_overflow.yml	2021-09-14 19:24:11 +02:00
$frack113$ frack113	1e4484bffb	split lnx_auditd_cve_2021_3156_sudo_buffer_overflow	2021-09-14 19:22:56 +02:00
$frack113$ frack113	b08b3e2b0d	Merge pull request #2021 from frack113/global_registry Split registry Global rules	2021-09-14 19:18:34 +02:00
$frack113$ frack113	d13af3e258	Merge pull request #2019 from frack113/normalise_name Split 2 global rules and normalyze name	2021-09-14 19:17:55 +02:00
$frack113$ frack113	7298225cbe	Merge pull request #2028 from zakibro/master New Rule - Linux - Auditd - Screen Capture with xwd	2021-09-14 09:58:11 +02:00
zakibro	e47a7d9826	Update lnx_auditd_screencaputre_xwd.yml	2021-09-13 19:08:23 +02:00
Pawel Mazur	a8f9617ccd	New Rule - Linux - Auditd - Screen Capture with xwd	2021-09-13 18:56:33 +02:00
Florian Roth	4118402127	Merge pull request #2027 from frack113/fix_reg_key Fix registry TargetObject	2021-09-13 15:59:47 +02:00
Florian Roth	680cad2a52	Merge pull request #2025 from BlackB0lt/patch-18 Update win_file_winword_cve_2021_40444.yml	2021-09-13 15:58:45 +02:00

1 2 3 4 5 ...

5962 Commits