Commit Graph

3505 Commits

Author SHA1 Message Date
Nasreddine Bencherchali c9e81f1cf0 Update proc_creation_win_lolbin_sideload_link_binary.yml 2022-08-22 20:17:22 +01:00
Nasreddine Bencherchali 6aa4c56b3b Update proc_creation_win_net_recon.yml 2022-08-22 20:07:53 +01:00
Nasreddine Bencherchali a769377070 Update proc_creation_win_persistence_typed_paths.yml 2022-08-22 20:05:02 +01:00
Nasreddine Bencherchali ae9785eb47 TypedPaths 2022-08-22 20:04:43 +01:00
Nasreddine Bencherchali 1ef7208897 Create proc_creation_win_lolbin_sideload_link_binary.yml 2022-08-22 15:31:35 +01:00
Nasreddine Bencherchali 9f61d51408 Rename 2022-08-22 14:52:59 +01:00
Nasreddine Bencherchali 17aa5fec6d Update 2022-08-22 14:52:41 +01:00
Nasreddine Bencherchali 60154a963f Update proc_creation_win_ntfs_short_name_path_use_image.yml 2022-08-22 11:15:15 +01:00
Nasreddine Bencherchali bb51bb4bd4 Fix #3407 2022-08-22 11:14:08 +01:00
Florian Roth 00383708ce Merge pull request #3412 from aaronherman/add-dumpert-hacktools-implashes
add Dumpert and other Imphashes to Windows Hacktools rule
2022-08-21 11:00:51 +02:00
Florian Roth a4656f9cb7 Merge pull request #3408 from frack113/redcannary_20220820
Redcannary 20220820
2022-08-21 09:30:13 +02:00
Florian Roth f0bdb36b18 add more imphashes from Sysmon config 2022-08-21 09:17:23 +02:00
Florian Roth c99d94766e revert: remove dumpert rule 2022-08-21 09:08:19 +02:00
Florian Roth 79cd099ff0 Merge pull request #3404 from frack113/hotfix
update 20220820
2022-08-21 09:04:28 +02:00
AaronHerman 2a22cb76d7 remove dumpert rule, add to Windows Hacktools Imphash 2022-08-20 20:23:15 -05:00
frack113 9f89d4c8c7 Redcannary 20220820 2022-08-20 17:12:31 +02:00
Florian Roth 268b0a8038 Merge pull request #3402 from nasbench/lolbin-update
LOLBIN Updates
2022-08-20 13:25:24 +02:00
frack113 df8df38414 Add proc_creation_win_susp_pester_parent 2022-08-20 12:18:49 +02:00
frack113 8333671025 Fix test error 2022-08-20 12:07:01 +02:00
frack113 bda5a032c8 update 20220820 2022-08-20 11:56:18 +02:00
Florian Roth 1443adc730 Update proc_creation_win_lolbin_customshellhost.yml 2022-08-20 10:27:40 +02:00
Florian Roth a82c533d30 Merge pull request #3395 from nasbench/nasbench-rule-devel
Update + New Rules
2022-08-20 09:46:40 +02:00
Florian Roth 5c27980bc6 Merge pull request #3403 from SigmaHQ/rule-devel
rule: SharpUp, HandleKatz
2022-08-20 09:29:55 +02:00
Florian Roth 65cdc9d04d Update proc_creation_win_lolbin_customshellhost.yml 2022-08-20 09:22:05 +02:00
Florian Roth 34b4249690 Merge pull request #3401 from frack113/redcannary_20220819
Redcannary test
2022-08-20 09:12:41 +02:00
Florian Roth 872a6525dd fix: list with 1 entry 2022-08-20 09:01:51 +02:00
Florian Roth e546862635 rule: sharpup 2022-08-20 00:49:39 +02:00
Nasreddine Bencherchali 544e06ee33 Update proc_creation_win_proc_dump_createdump.yml 2022-08-19 23:09:40 +01:00
Nasreddine Bencherchali 0dc4704f05 LOLBIN Updates 2022-08-19 23:05:46 +01:00
frack113 3dcb4c195b Add t1484.001 2022-08-19 19:12:40 +02:00
frack113 f88d2befa7 Update ref 2022-08-19 17:20:34 +02:00
frack113 0938659f94 Redcannary test 2022-08-19 14:06:08 +02:00
Florian Roth 60b7c0a407 Update proc_creation_win_webshell_spawn.yml 2022-08-19 09:08:31 +02:00
Florian Roth 7f7fb6ab47 Merge branch 'master' into rule-devel 2022-08-18 13:02:29 +02:00
Florian Roth fe041ad3d4 HandleKatz usage 2022-08-18 13:02:20 +02:00
Tim Shelton 8c027a17f2 FP: another false positive on using cmd exec to query service stats... maybe there's a vuln opportunity here? 2022-08-18 04:51:38 +00:00
Nasreddine Bencherchali 52f26a14a2 Rule Update 2022-08-17 20:27:55 +01:00
Florian Roth 31faadf5ce Merge pull request #3391 from SigmaHQ/rule-devel
Rule updates
2022-08-17 16:11:40 +02:00
Florian Roth d26aa9d9f0 docs: update modified date 2022-08-17 15:58:39 +02:00
Florian Roth 54473e852d fix: .NET imphash 2022-08-17 15:56:57 +02:00
Florian Roth 133a19e4a5 fix: FP imphash 2022-08-17 15:00:22 +02:00
Florian Roth 059c7c4f9b Hacktool hashes update 2022-08-17 14:40:23 +02:00
Florian Roth f154f7a091 Merge branch 'master' into aurora-false-positive-fixing 2022-08-17 09:20:22 +02:00
Florian Roth eeeae44db5 Merge branch 'master' into rule-devel 2022-08-17 09:14:47 +02:00
Florian Roth f7ddb5ed7a Merge branch 'master' into rule-devel 2022-08-17 09:14:19 +02:00
Florian Roth 96276dc36e Rule Updates / New Rules 2022-08-17 09:14:13 +02:00
phantinuss bc2188c72b Merge pull request #3375 from nasbench/nasbench-rule-devel
Rule Dev [New Rules+Updates]
2022-08-16 16:46:27 +02:00
frack113 eded7e479d Merge pull request #3374 from frack113/netsh
Netsh Delete
2022-08-15 11:53:27 +02:00
Florian Roth 643f77aaff Update proc_creation_win_netsh_fw_delete.yml 2022-08-15 11:38:50 +02:00
Nasreddine Bencherchali e092872e87 Update proc_creation_win_susp_mshtml_runhtmlapplication.yml 2022-08-15 00:26:15 +01:00