Commit Graph

3935 Commits

Author SHA1 Message Date
Florian Roth ce750aba9c fix: wrong condition 2022-10-31 17:38:04 +01:00
Florian Roth b17777751e Merge branch 'master' into aurora-false-positive-fixing 2022-10-31 15:53:53 +01:00
phantinuss 743ebf08f7 Merge pull request #3660 from qasimqlf/patch-10 2022-10-31 11:53:46 +01:00
    Title Fix
Florian Roth 711844ea93 fix: Visual Studio Builds 2022-10-31 11:48:24 +01:00
phantinuss 0d63c5a4ff fix: modified should change on title changes 2022-10-31 11:44:16 +01:00
    https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide#date
phantinuss 1f9a833b9b fix: no modified date for changes on meta data 2022-10-31 11:34:08 +01:00
phantinuss 2788fba40d fix: FPs found with Aurora 2022-10-31 11:31:30 +01:00
Qasim Qlf b3c0301bde Title Fix 2022-10-31 15:23:05 +05:00
frack113 095bc89545 Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 2022-10-31 08:49:16 +01:00
    change to LF
frack113 5c416e94cf Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 2022-10-31 08:20:41 +01:00
bohops c0e98d352a Add vsls-agent lolbin rule 2022-10-30 17:06:37 -04:00
Nasreddine Bencherchali ff3d576a1a Fix small typos 2022-10-28 23:51:43 +02:00
Nasreddine Bencherchali fd256717b0 Update proc_creation_win_msiexec_install_quiet.yml 2022-10-28 18:03:47 +02:00
Nasreddine Bencherchali 012e10a8be Update proc_creation_win_raspberry_robin_single_dot_ending_file.yml 2022-10-28 17:51:46 +02:00
Nasreddine Bencherchali ae2f3ea66d Add examples 2022-10-28 17:51:26 +02:00
Nasreddine Bencherchali d6e076658d Update after merge 2022-10-28 17:42:57 +02:00
Nasreddine Bencherchali c21524b249 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-10-28 17:37:54 +02:00
Nasreddine Bencherchali 3cb577ddfc Raspberry Robin Related Rules 2022-10-28 17:25:25 +02:00
frack113 1f8e37351e order yaml 2022-10-28 15:06:36 +02:00
Nasreddine Bencherchali 9d8cc243eb Update description 2022-10-28 13:16:38 +02:00
Nasreddine Bencherchali 66b251604a Add related field to new rule 2022-10-28 13:15:10 +02:00
phantinuss f004d27efe fix: FP from testing environment 2022-10-28 11:39:53 +02:00
Gude5 a3e6856764 new rules: Sigma rules based on Elastic rules (#3632) 2022-10-28 10:13:44 +02:00
    Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
frack113 625f05df3c Merge pull request #3646 from nasbench/nasbench-rule-devel 2022-10-28 06:34:48 +02:00
    Rule Dev
phantinuss 152f22ba01 fix: FPs in testing environment 2022-10-27 09:46:05 +02:00
Nasreddine Bencherchali 4be6af3c08 Add/Update PAExec Rules 2022-10-26 23:27:17 +02:00
Nasreddine Bencherchali efe0cf5871 Add/Update Exchange/Mailbox Rules 2022-10-26 23:17:54 +02:00
Nasreddine Bencherchali 388624e279 Update PsExec Rules 2022-10-26 23:15:01 +02:00
Nasreddine Bencherchali aa75e084e8 Fix Issue #3593 2022-10-26 18:22:26 +02:00
Nasreddine Bencherchali bb84e503fa Merge branch 'master' into nasbench-rule-devel 2022-10-26 10:39:55 +02:00
Nasreddine Bencherchali c495a61692 Update proc_creation_win_susp_office_token_search.yml 2022-10-26 10:37:23 +02:00
Nasreddine Bencherchali 37af110aa2 Update proc_creation_win_susp_office_token_search.yml 2022-10-25 23:48:08 +02:00
Nasreddine Bencherchali 29661b98af Apply suggestions from code review 2022-10-25 15:17:50 +02:00
    Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Nasreddine Bencherchali c4a89b3b44 Update proc_creation_win_susp_squirrel_lolbin.yml 2022-10-25 13:41:49 +02:00
Nasreddine Bencherchali 214ba4b2e2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-10-25 12:27:43 +02:00
Nasreddine Bencherchali b07f843a5a Update proc_creation_win_susp_squirrel_lolbin.yml 2022-10-25 11:18:38 +02:00
Nasreddine Bencherchali ada1121447 Add Office Token Stealing Rules 2022-10-25 01:14:27 +02:00
Nasreddine Bencherchali 34e9f0530b Add Inveigh Rules 2022-10-24 22:57:48 +02:00
schatzimangou 612f66e8a0 Msiexec update in sigma rules 2022-10-24 08:18:25 +02:00
nasreddine.bencherchali@nextron-systems.com c6bd6ec489 Create proc_creation_win_susp_electron_app_children.yml 2022-10-24 01:04:43 +02:00
Florian Roth e9d7c3fdfc Merge pull request #3611 from nasbench/fix-false-positives 2022-10-21 18:11:27 +02:00
    Fix FP In Testing
Max Altgelt c21904620d fix: FP with conhost / csrss 2022-10-21 13:26:59 +02:00
Florian Roth 7bb2832e0f Merge pull request #3613 from nasbench/nasbench-rule-devel 2022-10-21 08:57:43 +02:00
    Rule Dev
Florian Roth bdddb3945c Update proc_creation_win_lolbin_susp_wsl.yml 2022-10-21 08:55:51 +02:00
Nasreddine Bencherchali 2b78d921c4 Update proc_creation_win_hack_rubeus.yml 2022-10-20 12:41:23 +02:00
Nasreddine Bencherchali b4cbd6b2ee Rework Rule Condition 2022-10-20 12:25:52 +02:00
Nasreddine Bencherchali 21f8477e43 Add missing OriginalFileName 2022-10-20 12:25:32 +02:00
    Add missing OriginalFileName for some rules
Nasreddine Bencherchali aabd6efbc1 Create proc_creation_win_susp_service_dacl_modification_set_service.yml 2022-10-20 11:57:24 +02:00
    Add variation of the technique described in the rule 99cf1e02-00fb-4c0d-8375-563f978dfd37 using the "set-service" cmdlet
Nasreddine Bencherchali 3cdd105355 Add SafetyKatz+Seatbelt Rules 2022-10-20 11:56:19 +02:00
Nasreddine Bencherchali 1ee657b1fc Update Hacktool Rules 2022-10-20 11:55:59 +02:00