security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,960 Commits 1 Branch 57 Tags
cfea7a7bccab5fe8eb7f2816bdf3a5c64aa35430
Commit Graph

11690 Commits

Author SHA1 Message Date
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali f5f6ec3e64 fix: update modifiers 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-28 18:27:41 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 1353d57485 fix: issues with CICD 2023-02-28 15:59:13 +01:00
Nasreddine Bencherchali 5689263f30 fix: add missing modified 2023-02-28 15:44:37 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 2234b7d180 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-28 12:34:41 +01:00
phantinuss b61ec0d515 restrict System process using PID 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-02-28 12:16:55 +01:00
phantinuss 8cf0de3776 fix: FP found in testing environment 2023-02-28 10:22:47 +01:00
Nasreddine Bencherchali 7f18403f51 Merge pull request #4077 from frack113/firewall 
feat: add win_firewall_as_add_rule_susp_folder
 2023-02-27 21:26:39 +01:00
frack113 506e124135 Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:36:44 +01:00
frack113 ca5cde25aa Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:25:27 +01:00
Nasreddine Bencherchali e10353e59a Merge pull request #4080 from phantinuss/master 
chore: remove unnecessary provider_name filter for security log
 2023-02-27 16:47:48 +01:00
Gude5 39928d2cdf feat: update del related detection (#4046) 2023-02-27 15:19:28 +01:00
phantinuss 6e1853cd1a chore: remove unnecessary provider_name filter for security log 2023-02-27 13:04:39 +01:00
Nasreddine Bencherchali 40f587b63d feat: more renames 2023-02-27 13:01:52 +01:00
sai prashanth pulisetti 46ed735d4a feat: add co-author to posh_pc_abuse_nslookup_with_dns_records.yml (#4079) 2023-02-27 12:16:55 +01:00
Nasreddine Bencherchali c533f8fcf2 fix: typos and title 2023-02-27 11:37:52 +01:00
frack113 d7e8407d0d Update detection 2023-02-26 16:28:46 +01:00
frack113 d29474079d Add win_firewall_as_add_rule_susp_folder 2023-02-26 15:50:17 +01:00
Nasreddine Bencherchali 587fbbce58 chore: update pipe-notation rules to unsupported 2023-02-24 19:54:14 +01:00
Nasreddine Bencherchali d6f3e7dacb feat: rename rules for conventions 2023-02-24 19:33:24 +01:00
frack113 4d8a6ca51f Merge pull request #4073 from nasbench/nasbench-rule-devel 
feat: updates and fixes
 2023-02-24 17:50:50 +01:00
Nasreddine Bencherchali 60c0b5fdd0 fix: remove pptx:zone 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-24 16:36:14 +01:00
Nasreddine Bencherchali 41e6b17610 fix: remove pptx extension 2023-02-24 13:34:49 +01:00
Nasreddine Bencherchali 80c0c5b391 fix: apply rewording suggestion 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-24 13:33:08 +01:00
Nasreddine Bencherchali 47de3e1857 fix: remove pwsh+cmd 2023-02-24 13:32:43 +01:00
Nasreddine Bencherchali 4da9252bba fix: add missing space 2023-02-23 19:33:00 +01:00
Bhabesh d3cfc7a7fa Fixed field name 2023-02-24 00:12:16 +05:45
Bhabesh dee1558a8d Added rule (fixed) for CVE-2023-23752 in Joomla 2023-02-23 23:40:08 +05:45
Nasreddine Bencherchali 5258f795a6 Merge pull request #4070 from securepeacock/patch-40 
chore: add new ref link for rule
 2023-02-23 16:28:18 +01:00
Nasreddine Bencherchali af84545616 fix: fp found in baseline 2023-02-23 13:39:17 +01:00
Nasreddine Bencherchali 75281c8c20 fix: typo in modifier name 2023-02-23 13:30:31 +01:00
Nasreddine Bencherchali c37df2fa83 fix: remove incorrect field 2023-02-23 13:19:21 +01:00
Nasreddine Bencherchali d799ad9982 fix: revert change to rule 2023-02-23 12:55:46 +01:00
Nasreddine Bencherchali 078e3ab500 feat: updates and fixes 2023-02-23 12:49:44 +01:00
phantinuss cca426c5a3 fix: FP with empty user and ip address 2023-02-23 11:38:47 +01:00
Nasreddine Bencherchali 09110727fd fix: change to permalink 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-23 10:47:52 +01:00
securepeacock 807b41c003 Update registry_set_wdigest_enable_uselogoncredential.yml 
Added Atomic Red Team test in references.
 2023-02-22 15:38:12 -05:00
Nasreddine Bencherchali aa8c18c0a5 Merge pull request #4066 from nasbench/nasbench-rule-devel 
feat: multiple updates and fixes
 2023-02-22 17:20:58 +01:00
frack113 ae45af68ab Update proc_creation_win_hktl_jlaive_batch_execution.yml 2023-02-22 17:13:48 +01:00
frack113 f2c3954e74 Update proc_creation_win_hktl_crackmapexec_execution_patterns.yml 2023-02-22 17:13:02 +01:00
Nasreddine Bencherchali 69c28fedbc fix: typo 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-22 12:16:49 +01:00
Nasreddine Bencherchali 02d6d571cb fix: apply suggestions from 2nd code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-22 12:15:49 +01:00
Nasreddine Bencherchali fc3c6ef4c7 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-22 11:05:50 +01:00
phantinuss db4fb9ff8e Merge pull request #4056 from D4rkCiph3r/installer-child 
Create proc_creation_macos_susp_installer_child_process.yml
 2023-02-22 09:04:58 +01:00
phantinuss 3fc4a344f2 Merge pull request #4062 from qasimqlf/patch-34 
fix: One value of imagePath was wrong
 2023-02-22 09:03:39 +01:00
frack113 1a14cd58db Update proc_creation_win_msiexec_dll.yml 2023-02-22 06:34:02 +01:00
frack113 bc5ec4fc88 Update proc_creation_win_auditpol_susp_execution.yml 2023-02-22 06:26:30 +01:00
Nasreddine Bencherchali 275748b671 fix: add missing space + rename file 2023-02-21 23:29:47 +01:00