blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	c7e772eff9	Add image_load_side_load_jsschhlp	2022-12-14 19:24:32 +01:00
$frack113$ frack113	a2e818ddca	Merge pull request #3785 from veramine/patch-4 Add System to list of built-in Windows processes with no extension	2022-12-14 16:06:48 +01:00
Florian Roth	6a7ae2fb19	Merge pull request #3786 from SigmaHQ/aurora-false-positive-fixing Aurora false positive fixing	2022-12-14 15:27:13 +01:00
Florian Roth	c98e9ec3cc	fix: list with one element issue	2022-12-14 13:23:28 +01:00
Florian Roth	643a06766e	fix: FP with NVIDIA driver installation	2022-12-14 13:21:54 +01:00
$frack113$ frack113	be8338774c	Merge pull request #3784 from veramine/patch-3 Add System to list of built-in Windows processes	2022-12-14 13:21:12 +01:00
$frack113$ frack113	9af4c20912	Merge pull request #3783 from nasbench/nasbench-rule-devel feat: updates and enhancements	2022-12-14 13:19:46 +01:00
$frack113$ frack113	c3863afdc3	Merge pull request #3782 from securepeacock/patch-36 Update proc_creation_win_susp_runonce_execution.yml	2022-12-14 13:19:07 +01:00
Florian Roth	7365e12478	docs: explanation for filter	2022-12-14 13:08:10 +01:00
Florian Roth	232d7f840a	fix: FPs noticed with Aurora	2022-12-14 13:05:58 +01:00
Veramine	a6a41eae8f	Removed System from CommandLine	2022-12-14 02:25:21 -08:00
Veramine	6540ca0ed9	Update modified date	2022-12-14 02:13:53 -08:00
Nasreddine Bencherchali	d8e29c80fa	fix: remove filter	2022-12-14 11:09:46 +01:00
Nasreddine Bencherchali	a848537bac	fix: update commandline selection	2022-12-14 11:09:35 +01:00
Veramine	8a529a14c0	Add System to list of built-in Windows processes with no extension	2022-12-14 02:08:30 -08:00
Veramine	41fcd73fad	Add System to list of built-in Windows processes	2022-12-14 02:06:40 -08:00
Nasreddine Bencherchali	287916fa8b	fix: update logic	2022-12-13 23:49:58 +01:00
Nasreddine Bencherchali	d8b69e7a02	Merge pull request #3779 from frack113/dll_classicexplorer Add image_load_side_load_classicexplorer32	2022-12-13 18:41:01 +01:00
$frack113$ frack113	fd76082c14	Apply suggestions from code review Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-13 18:26:42 +01:00
securepeacock	fea413849b	Update proc_creation_win_susp_runonce_execution.yml	2022-12-13 11:12:55 -05:00
securepeacock	af3857b42f	Update proc_creation_win_susp_runonce_execution.yml	2022-12-13 10:27:21 -05:00
securepeacock	ad55efd25f	Update proc_creation_win_susp_runonce_execution.yml Added coverage for a new procedure identified here: https://twitter.com/0gtweet/status/1602644163824156672?s=20&t=kuxbUnZPltpvFPZdCrqPXA	2022-12-13 09:50:43 -05:00
Nasreddine Bencherchali	5232094c71	fix: more fp found in testing and enhance fp metadata	2022-12-13 11:25:23 +01:00
$frack113$ frack113	3b88cab510	Add image_load_side_load_classicexplorer32	2022-12-13 10:26:21 +01:00
$frack113$ frack113	24d983a6a9	Merge pull request #3775 from danielgottt/patch-9 Create proc_creation_win_lolbin_setres.yml	2022-12-13 06:45:39 +01:00
$frack113$ frack113	ad75051c40	Merge pull request #3776 from danielgottt/patch-10 Create web_apache_solr_lfi_exploit.yml	2022-12-13 06:45:03 +01:00
Nasreddine Bencherchali	078fcaab28	fix: update description	2022-12-13 00:17:04 +01:00
Nasreddine Bencherchali	8011ef23a3	fix: enhance logic, description and title	2022-12-13 00:15:49 +01:00
Nasreddine Bencherchali	aca5dccd7f	fix: change title	2022-12-13 00:01:46 +01:00
Gott	796db1479f	Update web_cve_2021_27905_apache_solr_lfi_exploit.yml	2022-12-12 17:31:32 -05:00
Nasreddine Bencherchali	14ccb7b00e	fix: broken tag	2022-12-12 23:26:19 +01:00
Gott	11351b78dd	Rename web_cve_2021-27905_apache_solr_lfi_exploit.yml to web_cve_2021_27905_apache_solr_lfi_exploit.yml	2022-12-12 17:17:11 -05:00
Gott	c91c775f58	Rename web_apache_solr_lfi_exploit.yml to web_cve_2021-27905_apache_solr_lfi_exploit.yml	2022-12-12 17:16:52 -05:00
Gott	b9b88b1382	Update web_apache_solr_lfi_exploit.yml	2022-12-12 17:16:03 -05:00
Gott	120bff21f8	Update proc_creation_win_lolbin_setres.yml	2022-12-12 17:09:26 -05:00
Gott	a7662a7350	Update rules/windows/process_creation/proc_creation_win_lolbin_setres.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-12 17:07:05 -05:00
Nasreddine Bencherchali	681c720509	fix: fp in user_driver_loaded rule	2022-12-12 22:30:08 +01:00
Nasreddine Bencherchali	14a2bf3b59	fix: error in selection	2022-12-12 22:16:38 +01:00
Nasreddine Bencherchali	622fb687b7	fix: update logic and other information	2022-12-12 21:58:17 +01:00
Micah Babinski	52997da9b2	Modified level (reduce severity)	2022-12-12 07:33:47 -08:00
Micah Babinski	e8a980161c	Fixed rule description and title.	2022-12-12 07:32:26 -08:00
Micah Babinski	da2d06fa37	Added suspicious rcedit rule.	2022-12-12 07:28:57 -08:00
Nasreddine Bencherchali	1b63d9b413	Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel	2022-12-12 13:41:42 +01:00
Nasreddine Bencherchali	1cfd7794d2	fix: fix FP found in testing	2022-12-12 13:40:55 +01:00
$frack113$ frack113	0328946e69	Merge pull request #3774 from frack113/redcanary_20221211 Redcannary rules	2022-12-12 13:30:20 +01:00
sai prashanth pulisetti	5a46cd3efd	Create Abuse Nslookup with DNS Records (#3773 ) Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-12 13:24:46 +01:00
$frack113$ frack113	d797bf0eb1	Apply suggestions from code review Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-12 13:23:59 +01:00
Nasreddine Bencherchali	d1e47d836a	feat: add related id	2022-12-12 10:44:11 +01:00
Nasreddine Bencherchali	f4cebfe7ac	fix: update title and description to reflect logic	2022-12-12 10:42:34 +01:00
Nasreddine Bencherchali	04b3d8885f	fix: deprecate `72671447-4352-4413-bb91-b85569687135`	2022-12-12 10:41:52 +01:00

1 2 3 4 5 ...

10781 Commits