Commit Graph

11789 Commits

Author SHA1 Message Date
Nasreddine Bencherchali d14e287cdf Merge pull request #4134 from nasbench/nasbench-rule-devel
fix: fp found in testing
2023-03-23 12:19:39 +01:00
Nasreddine Bencherchali 07956e26e9 fix: remove version number
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-23 12:11:29 +01:00
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
Nasreddine Bencherchali 0ccef7822e fix: fp found in testing 2023-03-22 20:31:33 +01:00
Mohamed Ashraf 4c3296ce7a feat: new rule related to possible iviewers.dll sideloading (#4131) 2023-03-22 17:54:02 +01:00
xFFninja a0732b0d17 fix: update incorrect event field Accesses (#4133)
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
D4rkCiph3r da468ec37a feat: new rule proc_creation_macos_add_to_admin_group.yml (#4121) 2023-03-21 11:29:42 +01:00
phantinuss a046b1c33a Merge pull request #4122 from cyb3rjy0t/patch-6
azure_ad_suspicious_signin_bypassingMFA
2023-03-21 09:37:24 +01:00
phantinuss 664d4b7b3e Merge pull request #4125 from X-Junior/new_malware_ua
feat: new malware UA
2023-03-21 08:59:53 +01:00
phantinuss 98ab4bcd6a fix: wording 2023-03-21 08:58:22 +01:00
tuan a035aa0385 feat: new rule related to process termination using kill (#4112) 2023-03-20 22:04:26 +01:00
Nasreddine Bencherchali b253e8cafc fix: apply suggestions from code review 2023-03-20 22:02:38 +01:00
Nasreddine Bencherchali 556ff56850 Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
Nasreddine Bencherchali eb5d96f270 fix: update modified 2023-03-20 16:44:29 +01:00
Mohamed Ashraf (X__Junior) 87404ea1e1 Update proxy_ua_malware.yml 2023-03-20 17:41:13 +02:00
phantinuss d6b91a9abf fix: file extension (3) 2023-03-20 09:54:28 +01:00
phantinuss 23fc8e1d0c fix: file extension (2) 2023-03-20 09:40:23 +01:00
phantinuss f53e9676bb fix: missing file extension 2023-03-20 08:55:49 +01:00
cyb3rjy0t 14eea4ebcb azure_ad_suspicious_signin_bypassingMFA 2023-03-20 00:41:33 -04:00
Nasreddine Bencherchali b52abdef5c Merge pull request #4120 from leer-ts/master
feat: add new rule related to `CVE-2023-23397` exploitation
2023-03-17 23:39:49 +01:00
Nasreddine Bencherchali 4bcf5b75a7 fix: remove backslash and add example 2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali 4a171ae82d fix: add definition section
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali cf49c5d509 fix: update rule for SIGMAHQ standard 2023-03-17 23:14:40 +01:00
Qasim Qlf 685c3d7970 fix: detection name word 'activity' (#4119) 2023-03-17 23:11:15 +01:00
leer-ts d456305533 Create win_security_outlook_remote_file.yml 2023-03-17 17:52:12 -04:00
Yamato Security bc8ee0831a revert comments 2023-03-18 04:54:43 +09:00
Yamato Security f05993bbbe update comment 2023-03-18 04:47:42 +09:00
Yamato Security fa472be0fd Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:25 +09:00
Yamato Security ae8199b9fa Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:01 +09:00
Hieu Tran 0e934bd4b4 feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111) 2023-03-17 13:00:57 +01:00
frack113 9ce7f083ef feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE (#4116) 2023-03-17 12:56:02 +01:00
Yamato Security 4fc5bd98aa update author line 2023-03-17 08:47:01 +09:00
Florian Roth 0ebbd09ab4 fix: removed unnecessary escapes 2023-03-16 22:54:41 +01:00
Florian Roth e4864b43d2 fix: regular expression 2023-03-16 22:46:08 +01:00
Yamato Security 2600f9781d remove list of 1 2023-03-17 05:05:22 +09:00
Yamato Security dcc38973cd update CIDR rules 2023-03-17 04:26:20 +09:00
Nasreddine Bencherchali 4287d790ae Update proc_creation_win_rundll32_webdav_client_susp_execution.yml 2023-03-16 19:34:23 +01:00
Nasreddine Bencherchali 53e86c8871 Update proc_creation_win_rundll32_webdav_client_execution.yml 2023-03-16 19:23:05 +01:00
Nasreddine Bencherchali 5ca7978ebe fix: escape slashes 2023-03-16 19:20:53 +01:00
Nasreddine Bencherchali 49a43832c4 fix: enhance selection 2023-03-16 19:19:25 +01:00
Nasreddine Bencherchali db62085f77 fix: ip regex 2023-03-16 19:18:36 +01:00
Nasreddine Bencherchali 5b14835a35 feat: add new rules related to CVE-2023-23397 2023-03-16 19:17:48 +01:00
Nasreddine Bencherchali 77cd0bf6c0 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-15 19:27:57 +01:00
Nasreddine Bencherchali 3ca27207be fix: tune more fp 2023-03-15 12:00:20 +01:00
Nasreddine Bencherchali 83bcab5fd6 chore: increase level of some sideloading rules 2023-03-15 01:10:52 +01:00
Nasreddine Bencherchali 64295b1ed7 fix: remove unnecessary filter 2023-03-15 00:11:35 +01:00
Nasreddine Bencherchali 1d45236bf6 fix: broken condition 2023-03-15 00:06:29 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali 933e99eef8 fix: cicd errors 2023-03-14 23:21:18 +01:00