Commit Graph

13403 Commits

Author SHA1 Message Date
Florian Roth c9fe367eae rule: amsi bypass 2022-11-09 09:44:31 +01:00
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
Florian Roth d254c7a514 Update rules/windows/network_connection/net_connection_win_ngrok_tunnel.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-04 10:49:17 +01:00
Florian Roth ffbaee0c56 Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-04 10:49:12 +01:00
Florian Roth f27466ef2b Update rules/linux/network_connection/net_connection_lnx_ngrok_tunnel.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-04 10:49:01 +01:00
Florian Roth 4fcac3089d Rule: Ngrok tunnel LNX 2022-11-03 17:41:23 +01:00
Florian Roth e6278f839b Rule: Ngrok Tunnel Target 2022-11-03 17:38:53 +01:00
Florian Roth b00966d79d fix: dysfunctional renamed adfind rule 2022-11-01 14:58:02 +01:00
Florian Roth 1bff9dc013 Merge branch 'master' into rule-devel 2022-10-31 15:55:35 +01:00
Florian Roth 493144a3b3 Raccoon stealer UAs 2022-10-31 15:55:28 +01:00
phantinuss 743ebf08f7 Merge pull request #3660 from qasimqlf/patch-10
Title Fix
2022-10-31 11:53:46 +01:00
phantinuss 8c2b14a7ab Merge pull request #3661 from phantinuss/master
FP fixes
2022-10-31 11:44:39 +01:00
phantinuss 0d63c5a4ff fix: modified should change on title changes
https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide#date
2022-10-31 11:44:16 +01:00
phantinuss a20789cc49 Merge pull request #3654 from SigmaHQ/aurora-false-positive-fixing
fix: FP with Code Integrity Attempted DLL Load
2022-10-31 11:35:56 +01:00
phantinuss 1f9a833b9b fix: no modified date for changes on meta data 2022-10-31 11:34:08 +01:00
phantinuss 2788fba40d fix: FPs found with Aurora 2022-10-31 11:31:30 +01:00
Qasim Qlf b3c0301bde Title Fix 2022-10-31 15:23:05 +05:00
phantinuss 91af76417b fix: new code integrity offenders 2022-10-31 11:13:56 +01:00
Florian Roth 48bf635acd Merge pull request #3659 from bohops/master
Add vsls-agent lolbin rule
2022-10-31 10:08:25 +01:00
frack113 095bc89545 Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml
change to LF
2022-10-31 08:49:16 +01:00
frack113 5c416e94cf Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 2022-10-31 08:20:41 +01:00
bohops c0e98d352a Add vsls-agent lolbin rule 2022-10-30 17:06:37 -04:00
Florian Roth 897580f294 Update win_codeintegrity_attempted_dll_load.yml 2022-10-29 09:52:36 +02:00
frack113 c1c4ef0f9c Merge pull request #3655 from nasbench/nasbench-rule-devel
Rule Dev
2022-10-29 09:39:12 +02:00
frack113 15d7855c1c Merge pull request #3656 from nasbench/fix-false-positives
fix: FP with dbgcore and dbghelp
2022-10-29 09:38:05 +02:00
Mustafa Kaan Demir 27822a0827 DomainPasswordSpray Attacks Rule 2022-10-29 09:36:40 +02:00
Nasreddine Bencherchali ff3d576a1a Fix small typos 2022-10-28 23:51:43 +02:00
Nasreddine Bencherchali 9c10585a34 fix: fix fp in testing 2022-10-28 18:11:30 +02:00
Nasreddine Bencherchali fd256717b0 Update proc_creation_win_msiexec_install_quiet.yml 2022-10-28 18:03:47 +02:00
Nasreddine Bencherchali 012e10a8be Update proc_creation_win_raspberry_robin_single_dot_ending_file.yml 2022-10-28 17:51:46 +02:00
Nasreddine Bencherchali ae2f3ea66d Add examples 2022-10-28 17:51:26 +02:00
Nasreddine Bencherchali d6e076658d Update after merge 2022-10-28 17:42:57 +02:00
Nasreddine Bencherchali c21524b249 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-10-28 17:37:54 +02:00
Nasreddine Bencherchali 761bf551b1 Add more system processes 2022-10-28 17:25:53 +02:00
Nasreddine Bencherchali bb8d7b3414 Add more suspicious extensions 2022-10-28 17:25:41 +02:00
Nasreddine Bencherchali 3cb577ddfc Raspberry Robin Related Rules 2022-10-28 17:25:25 +02:00
Florian Roth 07cf7ae5fa fix: FP with Code Integrity Attempted DLL Load 2022-10-28 16:28:49 +02:00
frack113 1f8e37351e order yaml 2022-10-28 15:06:36 +02:00
Nasreddine Bencherchali 9d8cc243eb Update description 2022-10-28 13:16:38 +02:00
Nasreddine Bencherchali 66b251604a Add related field to new rule 2022-10-28 13:15:10 +02:00
Nasreddine Bencherchali 84a4b6ccb0 Rename 2022-10-28 13:14:35 +02:00
Florian Roth 4f9f5de9b8 Merge pull request #3651 from phantinuss/master
fix: FP from testing environment
2022-10-28 12:44:18 +02:00
phantinuss f004d27efe fix: FP from testing environment 2022-10-28 11:39:53 +02:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-10-28 10:13:44 +02:00
Florian Roth b23832f707 Merge pull request #3649 from phantinuss/master
fix: new FP with Avast
2022-10-28 09:34:21 +02:00
phantinuss f7319989e4 fix: new FP with Avast 2022-10-28 08:47:09 +02:00
frack113 625f05df3c Merge pull request #3646 from nasbench/nasbench-rule-devel
Rule Dev
2022-10-28 06:34:48 +02:00
Florian Roth b5a43a0815 Merge pull request #3648 from nasbench/fix-false-positives
Fix False Positives In Testing
2022-10-27 21:15:24 +02:00