Commit Graph

14861 Commits

Author SHA1 Message Date
Wagga cbc9a10eba Update java_xxe_exploitation_attempt.yml 2023-02-20 14:08:28 +01:00
Nasreddine Bencherchali b1866adb07 Merge pull request #4049 from nasbench/nasbench-rule-devel
feat: new rules, updates and fixes
2023-02-20 13:44:04 +01:00
Nasreddine Bencherchali ef68f4b116 Merge pull request #4050 from nasbench/pr-issue-templates
feat: add PULL_REQUEST_TEMPLATE.md
2023-02-20 13:18:49 +01:00
Nasreddine Bencherchali d86e5122cf Merge pull request #4060 from qasimqlf/patch-33
fix: typo in taskName property
2023-02-20 12:16:26 +01:00
Qasim Qlf 2ec65de9a2 fix: taskName property 2023-02-20 16:08:53 +05:00
m4nbat ae469ddefe New rules added for LockBit and Reddit used for C2. (#4045) 2023-02-20 12:07:02 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 5ab9b790b7 fix: typo
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 11:29:45 +01:00
Nasreddine Bencherchali 4921fa3494 Update PULL_REQUEST_TEMPLATE.md 2023-02-20 10:57:41 +01:00
frack113 e327427f13 Merge pull request #4048 from YamatoSecurity/update-powershell-usage-of-base64-IEX
added other potential IEX strings
2023-02-18 07:13:14 +01:00
Nasreddine Bencherchali a0236b669a Create PULL_REQUEST_TEMPLATE.md 2023-02-18 00:35:11 +01:00
Nasreddine Bencherchali 1d4a6dee3d fix: more fp 2023-02-17 23:23:31 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Yamato Security 9c673bbb15 added other potential IEX strings 2023-02-18 05:51:40 +09:00
frack113 db23238016 Merge pull request #4047 from D4rkCiph3r/patch-2
Update proc_creation_macos_binary_padding.yml
2023-02-17 21:50:57 +01:00
Nasreddine Bencherchali 2ae212f5ab fix: remove unnecessary filter 2023-02-17 21:36:54 +01:00
Nasreddine Bencherchali ee7d1d9890 feat: add reference 2023-02-17 19:58:26 +01:00
Nasreddine Bencherchali 787ea00ff7 feat: new rule for events.asp technique 2023-02-17 19:41:14 +01:00
D4rkCiph3r c965a8dca0 Update proc_creation_macos_binary_padding.yml
Updated the modified field
Reference link is the same; I have a PR in the ART repo for the same, which is yet to be verified. Maybe, if it's allowed, the man pages of "truncate" and "dd" can be referenced.
Discarding the filter: there should be either "of=" (output file) or a redirection or append symbol.
2023-02-17 23:16:28 +05:30
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
D4rkCiph3r 45ff572bd2 Update proc_creation_macos_binary_padding.yml
Minor changes
2023-02-17 18:22:26 +05:30
D4rkCiph3r afc6198da8 Update proc_creation_macos_binary_padding.yml
Few minor changes, increasing the precision of the rule and reducing the possible false positives.
2023-02-17 18:05:55 +05:30
Nasreddine Bencherchali 164b3a36b6 Merge pull request #4043 from nasbench/certutil-other-updates
feat: certutil rules updates + other fixes
2023-02-16 11:45:08 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates
feat: wmic rules update + other fixes
2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 416c10e0d3 fix: yaml error in description 2023-02-16 11:15:06 +01:00
Nasreddine Bencherchali 4142819114 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:06:57 +01:00
Nasreddine Bencherchali 362f4e4e60 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:05:38 +01:00
Nasreddine Bencherchali e2068c5cd0 Merge pull request #4001 from mbabinski/master
feat: new rule related to Right-to-left override character in the CLI
2023-02-16 10:54:13 +01:00
Nasreddine Bencherchali 088ff06cc3 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 10:46:29 +01:00
Nasreddine Bencherchali e2acd4a276 fix: add missing space 2023-02-16 01:40:01 +01:00
Nasreddine Bencherchali 927affe24a fix: update metadata 2023-02-16 01:39:16 +01:00
Micah Babinski 0634364e5c Updated rule with YAML unicode escaping 2023-02-15 14:54:37 -08:00
Nasreddine Bencherchali f951fc7536 fix: remove unrelated bitsadmin selection 2023-02-15 21:18:38 +01:00
Nasreddine Bencherchali d56da92948 fix: broken selection 2023-02-15 19:58:48 +01:00
Nasreddine Bencherchali 7ec76db26c Merge branch 'master' into wmic-rules-updates 2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali 58e5201317 feat: update bitsadmin rules and other 2023-02-15 19:55:40 +01:00
Nasreddine Bencherchali c168a7ad00 feat: update certutil rules 2023-02-15 19:55:39 +01:00
frack113 e52edb69c4 Merge pull request #4039 from fornotes/master
Added New Rule for LPE via StorSvc DLL Hijack
2023-02-15 19:18:39 +01:00
Nasreddine Bencherchali 39e957d7ee fix: update title 2023-02-15 19:11:39 +01:00
Nasreddine Bencherchali 33207aa7ab fix: change link to permalink 2023-02-15 13:37:05 +01:00
Nasreddine Bencherchali 2fd43cbe82 fix: typo in field 2023-02-15 13:27:56 +01:00
Nasreddine Bencherchali c99d1f1876 fix: add some missing fields 2023-02-15 13:25:59 +01:00
fornotes 8876b4ba01 added SprintCSP.dll for StorSvc DLL Hijack 2023-02-15 11:37:18 +00:00
Nasreddine Bencherchali 5b3f97776a Merge pull request #4042 from nasbench/localpotato-binary-rule
feat: add localpotato binary rule
2023-02-15 12:30:41 +01:00
fornotes c42db7489d Merge branch 'SigmaHQ:master' into master 2023-02-15 11:30:22 +00:00
fornotes 96d774babd removed file_event_win_storsvc_dll_hijack.yml
as suggested by nasbench
2023-02-15 11:29:57 +00:00
Moti-H ff4242dadd feat: add new application vulnerability rules (#4034) 2023-02-15 12:29:53 +01:00
fornotes 51ed166480 Merge branch 'SigmaHQ:master' into master 2023-02-15 11:26:53 +00:00