blue-team-tools

Author	SHA1	Message	Date
kidrek	239afc945d	fix: update curl rules flags to use regex (#4213 )	2023-05-03 10:16:01 +02:00
dan21san	4b8f70fb97	feat: add new rules related to linux reverse shells (#4166 )	2023-04-25 11:03:11 +02:00
tareq-alkhatib	999cd5763a	chore: split selection clause into two (#4160 )	2023-04-05 05:04:54 +02:00
tuan	a035aa0385	feat: new rule related to process termination using `kill` (#4112 )	2023-03-20 22:04:26 +01:00
tuan	2a1124e95e	feat: new rules `Linux Package Uninstall` (#4098 )	2023-03-13 00:04:53 +01:00
Nasreddine Bencherchali	e3503d5d60	feat: more updates	2023-03-06 00:39:26 +01:00
Wagga	273fdb9985	fix: typos in multiple rules (#4011 )	2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
$frack113$ frack113	66700a69e2	Merge pull request #3994 from ionsor/patch-8 Update proc_creation_lnx_hack_tools.yml	2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali	2684f0f63c	fix: remove unnecessary entry	2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali	412efdad03	fix: update selection	2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali	164ee358c3	fix: update modified date	2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali	6a337151d1	feat: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-01-31 17:11:18 +01:00
Feathers	8f6242c35f	Update proc_creation_lnx_hack_tools.yml added to the list of hacking tools, Linpeas, a privilege escalation script	2023-01-31 17:01:17 +01:00
Nasreddine Bencherchali	33952874f1	fix: update selection	2023-01-31 14:14:50 +01:00
Nasreddine Bencherchali	e158d6c1eb	feat: add shadow file	2023-01-31 12:25:33 +01:00
Nasreddine Bencherchali	6a65920dd6	feat: new rules from blackberry	2023-01-31 00:38:06 +01:00
$frack113$ frack113	1033b3f404	change status to test	2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali	7d2b70cb91	feat: add bpf related rules	2023-01-25 01:14:49 +01:00
Nasreddine Bencherchali	1c0bf6e262	feat: update windows firewall rules	2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali	85fb255bc9	feat: new rules and updates	2023-01-17 01:00:44 +01:00
$frack113$ frack113	e886902374	Update proc_creation_lnx_system_network_connections_discovery.yml	2023-01-13 10:12:10 +01:00
Veramine	d91a1d0903	filter some legitimate activity Filter landscape-sysinfo tool calling who	2023-01-13 00:47:40 -08:00
$frack113$ frack113	4023bf2c83	Remove mitre url	2023-01-10 18:09:04 +01:00
$frack113$ frack113	379fa4f3df	Update modified	2023-01-05 09:11:49 +01:00
xFFninja	a499c7076d	fix Image field On Linux git has no .exe extension	2023-01-05 09:47:11 +02:00
Nasreddine Bencherchali	d8b8cf04bd	fix: wrong fp	2023-01-04 18:38:04 +01:00
Nasreddine Bencherchali	2b04519923	fix: unique item list	2023-01-04 18:26:59 +01:00
Nasreddine Bencherchali	711ba956e3	feat: updates and enhancements	2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali	425c29cf1c	feat: add new linux rules	2022-12-29 11:17:42 +01:00
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
tuan	2d759cad94	Add rule delete group or user (#3822 ) Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 11:21:14 +01:00
Nasreddine Bencherchali	b9ae5303f1	Merge pull request #2801 from tuanhxh1/master add rules related to usage of "usermod"	2022-12-21 20:33:04 +01:00
Nasreddine Bencherchali	d51ff694a4	fix: rule status	2022-12-21 19:23:23 +01:00
Nasreddine Bencherchali	c97463e774	fix: update linux rules	2022-12-21 17:59:46 +01:00
$frack113$ frack113	c820216541	Update Title (#3733 )	2022-11-28 06:43:17 +01:00
jstnk9	a573a8e1bc	Title modified in several rules (#3728 )	2022-11-25 15:34:38 +01:00
$frack113$ frack113	11cb03181e	Order yaml field	2022-10-25 08:53:44 +02:00
$frack113$ frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
Nasreddine Bencherchali	545d8170e6	Update proc_creation_lnx_sudo_cve_2019_14287.yml	2022-10-06 00:18:18 +02:00
Nasreddine Bencherchali	2c26614ce4	Update Wildcard + Int to Str fields	2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali	7176d672b5	Fix wildcard	2022-10-05 17:21:34 +02:00
Rachel Rice	24e87d0f34	fix: Rename Linux process creation rule to use established pattern One rule had filename beginning 'prox' rather than 'proc'. Signed-off-by: Rachel Rice <rachel.rice@lacework.net>	2022-09-22 17:42:54 +01:00
nasreddine.bencherchali@nextron-systems.com	9d5652c4c2	Update proc_creation_lnx_services_stop_and_disable.yml	2022-09-16 13:43:01 +02:00
nasreddine.bencherchali@nextron-systems.com	7f3158d09e	Fix after review	2022-09-16 11:47:19 +02:00
nasreddine.bencherchali@nextron-systems.com	5dfa871cef	Update proc_creation_lnx_base64_shebang_cli.yml	2022-09-16 09:38:00 +02:00
nasreddine.bencherchali@nextron-systems.com	33271e9034	Quick update	2022-09-16 09:29:45 +02:00
nasreddine.bencherchali@nextron-systems.com	4fc62dee7c	Linux rules update	2022-09-16 09:22:57 +02:00
Nasreddine Bencherchali	be25ff87e2	Update proc_creation_lnx_webshell_detection.yml	2022-08-01 23:40:34 +01:00
Nasreddine Bencherchali	f45eba2002	Update proc_creation_lnx_webshell_detection.yml	2022-08-01 23:28:49 +01:00

1 2 3

129 Commits