Commit Graph

148 Commits

Author SHA1 Message Date
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
frack113 9ce7f083ef feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE (#4116) 2023-03-17 12:56:02 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review (Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>) 2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 60c0b5fdd0 fix: remove pptx:zone (Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>) 2023-02-24 16:36:14 +01:00
Nasreddine Bencherchali 41e6b17610 fix: remove pptx extension 2023-02-24 13:34:49 +01:00
Nasreddine Bencherchali 80c0c5b391 fix: apply rewording suggestion (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-02-24 13:33:08 +01:00
Nasreddine Bencherchali 47de3e1857 fix: remove pwsh+cmd 2023-02-24 13:32:43 +01:00
Nasreddine Bencherchali af84545616 fix: fp found in baseline 2023-02-23 13:39:17 +01:00
Nasreddine Bencherchali 75281c8c20 fix: typo in modifier name 2023-02-23 13:30:31 +01:00
Nasreddine Bencherchali c37df2fa83 fix: remove incorrect field 2023-02-23 13:19:21 +01:00
Nasreddine Bencherchali d799ad9982 fix: revert change to rule 2023-02-23 12:55:46 +01:00
Nasreddine Bencherchali 078e3ab500 feat: updates and fixes 2023-02-23 12:49:44 +01:00
Wagga 2d283ff885 Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:10:03 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>) 2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates (feat: wmic rules update + other fixes) 2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel (feat: updates and enhancements) 2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 7ec76db26c Merge branch 'master' into wmic-rules-updates 2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali 39e957d7ee fix: update title 2023-02-15 19:11:39 +01:00
Nasreddine Bencherchali 33207aa7ab fix: change link to permalink 2023-02-15 13:37:05 +01:00
Nasreddine Bencherchali 2fd43cbe82 fix: typo in field 2023-02-15 13:27:56 +01:00
Nasreddine Bencherchali c99d1f1876 fix: add some missing fields 2023-02-15 13:25:59 +01:00
fornotes 8876b4ba01 added SprintCSP.dll for StorSvc DLL Hijack 2023-02-15 11:37:18 +00:00
fornotes 96d774babd removed file_event_win_storsvc_dll_hijack.yml (as suggested by nasbench) 2023-02-15 11:29:57 +00:00
Nasreddine Bencherchali 7b86bea7ac fix: add missing modified 2023-02-14 19:30:19 +01:00
Nasreddine Bencherchali 2ef681291a feat: more rules updates 2023-02-14 19:30:18 +01:00
fornotes c0bda80e3e Added file_event_win_storsvc_dll_hijack.yml 2023-02-14 15:06:53 +05:30
Nasreddine Bencherchali 27aac97639 feat: updates and enhancements 2023-02-14 00:51:20 +01:00
Nasreddine Bencherchali 5e3aae4970 fix: apply suggestions from code review (Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>; Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>) 2023-02-10 10:38:45 +01:00
Nasreddine Bencherchali 82d0b9e10c fix: add missing modified and improve test 2023-02-10 00:56:07 +01:00
Nasreddine Bencherchali 82cde0e10c feat: update rules related to onenote and more 2023-02-10 00:40:16 +01:00
Nasreddine Bencherchali a24012b2b5 fix: apply suggestions 2023-02-09 10:41:41 +01:00
Nasreddine Bencherchali 4bb2beeb15 fix: duplicate ids and small updates 2023-02-08 19:36:55 +01:00
Nasreddine Bencherchali d78e66dde3 fix: yaml error 2023-02-08 19:14:18 +01:00
Nasreddine Bencherchali 0717634671 feat: updates and enhancements 2023-02-08 19:12:35 +01:00
Nasreddine Bencherchali a19a75b0b0 fix: resolves #4015 2023-02-07 14:33:56 +01:00
Wagga 273fdb9985 fix: typos in multiple rules (#4011) 2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali 58912f5eda Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-26 23:01:51 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
frack113 cb67871bd2 Revert "Change status of old rules" 2023-01-26 19:37:18 +01:00
frack113 5323fd4baa Change status of old rules 2023-01-25 18:41:18 +01:00