blue-team-tools

Author	SHA1	Message	Date
Austin Songer	53f426342c	Update win_file_winword_cve_2021_40444.yml	2021-09-22 22:26:05 -05:00
Austin Songer	ab613af365	Update sysmon_atlassian_confluence_cve_2021_26084_exploit.yml	2021-09-22 22:24:24 -05:00
$frack113$ frack113	3ac0d93f5b	Merge pull request #2062 from Pooch11/win-apt-greenbug-fix win-apt-greenbug-fix small change to B64encoded value of '/server='	2021-09-22 20:05:37 +02:00
unknown	9924cc3946	win-apt-greenbug-fix amend b64 value of /server= as seen in IOC	2021-09-22 10:33:04 -04:00
$frack113$ frack113	7b995f2d99	Merge pull request #2057 from secDre4mer/master Add two rules	2021-09-22 09:15:32 +02:00
$frack113$ frack113	045e87058b	add definition	2021-09-22 08:40:08 +02:00
unknown	3ace73f9fd	win-apt-greenbug-fix - change modified date as well	2021-09-21 16:59:32 -04:00
unknown	993bf46550	win-apt-greenbug-fix small change to B64encoded value of '/server=' in detection criteria	2021-09-21 16:56:01 -04:00
Florian Roth	d884f774f9	Update powershell_memorydump_getstoragediagnosticinfo.yml	2021-09-21 18:01:46 +02:00
phantinuss	46febf48b0	fix: remove rule, too many FPs and no better matching criteria	2021-09-21 16:52:17 +02:00
Max Altgelt	bf9bc03258	chore: properly name and describe rules	2021-09-21 15:59:01 +02:00
Max Altgelt	8c3faa390c	feat: Add rule for live memory dumping	2021-09-21 15:09:12 +02:00
$frack113$ frack113	5951ad1d9a	Merge pull request #2056 from frack113/some_global Split global rules	2021-09-21 12:42:59 +02:00
$frack113$ frack113	0884a70e28	fix tests.py error	2021-09-21 10:52:37 +02:00
$frack113$ frack113	4718f914e9	split global sysmon_hack_dumpert.yml	2021-09-21 10:43:42 +02:00
$frack113$ frack113	5fc82e5dc6	split global sysmon_tttracer_mod_load.yml	2021-09-21 10:39:02 +02:00
$frack113$ frack113	4c85858e12	split global sysmon_regsvr32_network_activity.yml	2021-09-21 10:33:47 +02:00
$frack113$ frack113	c0e24e9236	split global win_defender_disabled.yml	2021-09-21 10:24:52 +02:00
$frack113$ frack113	2b23118b0d	split global win_defender_exclusions.yml	2021-09-21 10:16:25 +02:00
$frack113$ frack113	318f8b714e	split global win_tool_psexec.yml	2021-09-21 10:10:48 +02:00
$frack113$ frack113	a96dd66b46	split global win_wmi_persistence.yml	2021-09-21 09:56:03 +02:00
$frack113$ frack113	0a6ac0b171	split global powershell_alternate_powershell_hosts.yml	2021-09-21 09:52:35 +02:00
$frack113$ frack113	f5d58a0cb1	split powershell_remote_powershell_session.yml	2021-09-21 09:48:50 +02:00
$frack113$ frack113	95af26f963	split powershell_suspicious_download.yml	2021-09-21 09:46:02 +02:00
$frack113$ frack113	10d11b7890	fix 4697 fieldname	2021-09-20 22:53:59 +02:00
$frack113$ frack113	b6dc4de5e1	split global win_invoke_obfuscation_*	2021-09-20 22:42:59 +02:00
$frack113$ frack113	feee70644f	split global win_invoke_obfuscation_*	2021-09-20 22:40:33 +02:00
Florian Roth	8909eefb90	Merge pull request #2052 from phantinuss/pr xwizard dll sideloading	2021-09-20 12:35:42 +02:00
phantinuss	25a407e24f	Update win_dll_sideload_xwizard.yml	2021-09-20 10:56:37 +02:00
Florian Roth	6c630502dc	Update win_dll_sideload_xwizard.yml	2021-09-20 10:54:53 +02:00
$frack113$ frack113	91788e57c7	Merge pull request #2051 from frack113/double_file_name fix duplicate name file	2021-09-20 10:45:35 +02:00
phantinuss	4e794fe3e7	xwizard dll sideloading	2021-09-20 10:39:31 +02:00
$frack113$ frack113	6286cf80cc	fix duplicate name file	2021-09-20 09:31:04 +02:00
$frack113$ frack113	d5108502a2	split win_apt_chafer_mar18.yml	2021-09-19 11:48:20 +02:00
$frack113$ frack113	faff9e6db7	spli win_apt_slingshot.yml	2021-09-19 11:36:40 +02:00
$frack113$ frack113	e69ec4624a	split win_apt_gallium.yml	2021-09-19 11:24:17 +02:00
$frack113$ frack113	c43c12e557	split win_apt_turla_commands.yml	2021-09-19 11:17:50 +02:00
$frack113$ frack113	b576ad115b	split win_apt_unidentified_nov_18.yml	2021-09-19 11:11:04 +02:00
$frack113$ frack113	06de91c92a	split win_apt_wocao.yml	2021-09-19 11:07:24 +02:00
$frack113$ frack113	dc8ad15d1a	split win_exchange_transportagent.yml	2021-09-19 11:03:16 +02:00
$frack113$ frack113	deb0ad5f58	split win_hktl_createminidump.yml	2021-09-19 10:19:34 +02:00
$frack113$ frack113	18e7e16005	split win_mal_adwind.yml	2021-09-19 10:12:03 +02:00
$frack113$ frack113	416b0556b1	split win_silenttrinity_stage_use.yml	2021-09-19 10:02:05 +02:00
$frack113$ frack113	7d000f2b1d	split win_susp_winrm_AWL_bypass.yml	2021-09-19 09:41:17 +02:00
$frack113$ frack113	81bf864d94	fix detection	2021-09-17 19:56:26 +02:00
$frack113$ frack113	509a4c2822	fix detection	2021-09-17 19:54:50 +02:00
$frack113$ frack113	d22382d0b9	fix detection	2021-09-17 19:52:40 +02:00
$frack113$ frack113	a1222c7716	Update sysmon_apt_oceanlotus_registry	2021-09-17 19:50:30 +02:00
Florian Roth	31021b9c32	Merge pull request #2040 from frack113/fix_win_outlook_registry_webview cleanup condition win_outlook_registry_webview.yml	2021-09-17 14:49:35 +02:00
$frack113$ frack113	6e4edfdf20	fix detection	2021-09-17 09:11:53 +02:00

1 2 3 4 5 ...

4578 Commits