Commit Graph

11988 Commits

Author SHA1 Message Date
Nasreddine Bencherchali cd7539d7e6 Create proc_creation_win_sc_delete_av_services.yml 2022-08-01 17:52:09 +01:00
Nasreddine Bencherchali f4be1fa931 Update registry_set_policies_attachments_tamper.yml 2022-08-01 17:37:25 +01:00
Nasreddine Bencherchali 1764b51c0b Update + New Rules 2022-08-01 17:37:16 +01:00
Nasreddine Bencherchali 8d615c9d78 Update rules 2022-08-01 16:02:07 +01:00
Nasreddine Bencherchali 38107ed527 Create registry_set_disable_autologger_sessions.yml 2022-08-01 16:01:56 +01:00
Nasreddine Bencherchali 676d8627c5 Merge rules 2 2022-08-01 16:01:51 +01:00
Nasreddine Bencherchali e2afbe3400 Merge rules 1 2022-08-01 16:01:18 +01:00
Florian Roth 83efce33e9 Rename sysmon_file_event_iso.yml to file_event_win_iso_file_mount.yml 2022-07-31 13:58:55 +02:00
Florian Roth fe6f1ce923 Merge pull request #3299 from Sam0x90/master (Rule: ISO file creation in temporary folders, outlook and zip) 2022-07-31 13:54:51 +02:00
Sam0x90 cc67e260fa Merge branch 'SigmaHQ:master' into master 2022-07-31 13:46:19 +02:00
Florian Roth d37bc651c2 fix: missing upper tick 2022-07-31 13:39:34 +02:00
Florian Roth 4747dbfe90 Update and rename sysmon_file_event_ISO.yml to sysmon_file_event_iso.yml 2022-07-31 13:38:40 +02:00
Florian Roth e98d86dd6d Merge pull request #3300 from SigmaHQ/aurora-false-positive-fixing (Aurora false positive fixing) 2022-07-31 13:35:57 +02:00
Florian Roth 3870fd81a1 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-07-31 13:23:11 +02:00
Florian Roth 9795bf6f57 fix: FPs with git.exe 2022-07-31 13:22:39 +02:00
Sam0x90 dd392854a9 Merge branch 'SigmaHQ:master' into master 2022-07-31 13:20:15 +02:00
Sam0x90 15a7755338 Updated condition 2022-07-31 12:41:21 +02:00
frack113 67c5b110f4 Sideloading DLL with space path 2022-07-31 08:36:19 +02:00
Sam0x90 c9b6c0b08f Updated title 2022-07-30 13:13:03 +02:00
Sam0x90 2cbafe7c3f Update author 2022-07-30 12:13:59 +02:00
Sam0x90 22d3f33c59 Alpha version of sysmon_file_event_ISO.yml 2022-07-30 12:10:30 +02:00
frack113 ff33b9667e Merge pull request #3297 from phantinuss/master
fix: FP found in testing environment
2022-07-30 09:08:10 +02:00
frack113 18d2f4e188 Merge pull request #3296 from redsand/hawk_backend_update (Backend: hawk update to support boolean comparison values and some co…) 2022-07-30 09:07:52 +02:00
Bailey Bercik 231777eac8 Azure AD SecOps Guide 2022-07-29 19:27:31 +02:00
phantinuss 51db91352a fix: FP found in testing environment 2022-07-29 16:00:19 +02:00
Tim Shelton b39ec30d06 Backend: hawk update to support boolean comparison values and some column translation updates 2022-07-29 13:56:15 +00:00
Nasreddine Bencherchali 43f9522691 New Rules 2022-07-29 14:07:14 +02:00
Florian Roth bc318c3a22 Merge pull request #3294 from SigmaHQ/rule-devel (refactor: improved god mode rule) 2022-07-29 13:27:38 +02:00
phantinuss 3413df8652 Merge pull request #3295 from phantinuss/master (fix: FPs found in testing environment) 2022-07-29 13:23:23 +02:00
phantinuss 74aaeb6833 fix: FPs found in testing environment 2022-07-29 13:17:15 +02:00
Borna Talebi d5eafc49e2 Sysmon driver altitude change 2022-07-29 08:34:25 +02:00
Florian Roth 777d0f39a1 Merge pull request #3290 from pH-T/master (new rule: browser remote debugging) 2022-07-28 21:11:26 +02:00
frack113 452e924c06 Add file_event_win_susp_double_extension 2022-07-28 20:51:36 +02:00
MikeDuddington 7072f62991 additional detections for Azure AD 2022-07-28 19:44:51 +02:00
Nasreddine Bencherchali dabc74af0c Qbot rules 2022-07-28 19:33:09 +02:00
Florian Roth 623a3a6430 Merge pull request #3288 from nasbench/avast-vuln-driver (Avast vuln driver) 2022-07-28 17:41:30 +02:00
Florian Roth a954de89d7 Merge branch 'master' into aurora-false-positive-fixing 2022-07-28 16:58:31 +02:00
Florian Roth 9ca043863e fix: FPs noticed with Aurora 2022-07-28 16:58:24 +02:00
Florian Roth 2042317938 refactor: improved god mode rule 2022-07-28 16:58:06 +02:00
Florian Roth 28f8986f7a Merge pull request #3286 from nasbench/nasbench-rule-dev (Update & Fixes) 2022-07-28 16:35:19 +02:00
Paul Hager 571e82ef3c new rules: browser remote debugging 2022-07-28 15:48:59 +02:00
Nasreddine Bencherchali 0d8dba5200 Update driver_load_susp_temp_use.yml 2022-07-28 12:40:30 +01:00
Nasreddine Bencherchali d4c0c79ee4 Create proc_creation_win_susp_new_kernel_driver_via_sc.yml 2022-07-28 12:40:26 +01:00
Nasreddine Bencherchali 2420c98959 Create driver_load_vuln_avast_anti_rootkit_driver.yml 2022-07-28 12:40:23 +01:00
Nasreddine Bencherchali 06ae038add Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 10:28:57 +01:00
frack113 4aed58b0b7 Persistence appx 2022-07-28 07:04:53 +02:00
MikeDuddington c0cb0d739b Create azure_guest_to_member.yml 2022-07-28 07:04:13 +02:00
Nasreddine Bencherchali bc5bc9fcdf Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:49:12 +01:00
Nasreddine Bencherchali 5b3b87581d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:41:53 +01:00
Nasreddine Bencherchali 0038ead60d Update proc_creation_win_schtasks_appdata_local_system.yml 2022-07-28 01:39:33 +01:00