security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

4601 Commits

Author SHA1 Message Date
frack113 75c01db53b Add import_module dll 2023-01-22 17:38:59 +01:00
Florian Roth a11051447e Merge pull request #3948 from SigmaHQ/rule-devel 
doc: adding another reference
 2023-01-22 11:18:59 +01:00
Florian Roth e95f0d03b4 doc: adding another reference 2023-01-22 11:03:59 +01:00
Florian Roth 1820b04917 Merge pull request #3947 from SigmaHQ/rule-devel 
docs: authors extended
 2023-01-22 11:02:31 +01:00
Florian Roth f2d633ad1a docs: authors extended 2023-01-22 10:57:11 +01:00
Florian Roth 9739cb1c69 Merge pull request #3946 from SigmaHQ/rule-devel 
rule: susp svchost sub process
 2023-01-22 10:32:06 +01:00
Nasreddine Bencherchali f1c9112413 fix: update filename 2023-01-22 01:04:27 +01:00
Nasreddine Bencherchali a530e7ad36 fix: add more detail 2023-01-22 01:00:55 +01:00
Florian Roth 52a4985dce rule: susp svchost sub process 2023-01-21 23:45:22 +01:00
Nasreddine Bencherchali ecaf89dd91 fix: fp with powercat 2023-01-21 18:15:37 +01:00
frack113 63045048e3 Merge pull request #3910 from cyb3rjy0t/patch-3 
ADS stored DLL execution using Rundll32
 2023-01-21 13:24:22 +01:00
Nasreddine Bencherchali 585f3a2f36 fix: update regex 2023-01-21 13:02:11 +01:00
Nasreddine Bencherchali 72fe5040f9 Merge pull request #3944 from nasbench/nasbench-rule-devel 
feat: new rules and fp fixes
 2023-01-21 12:46:46 +01:00
Nasreddine Bencherchali dfdc232f55 fix: optimize "Invoke-Sharp" coverage 2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali 9f3537498c fix: remove net 2023-01-21 11:28:27 +01:00
Nasreddine Bencherchali 2ad9d65f75 fix: filter and add missing modified 2023-01-21 11:26:13 +01:00
Nasreddine Bencherchali 933cd0df7d fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-21 11:23:17 +01:00
Florian Roth 9aeb191999 Merge branch 'master' into rule-devel 2023-01-21 08:55:12 +01:00
Florian Roth 8c14f9cddb Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2023-01-21 08:55:06 +01:00
Florian Roth 18600eaef4 refactor: extended some exploitation rules - sub procs 
https://twitter.com/skept1kal/status/1616647571904020481
 2023-01-21 08:55:04 +01:00
Nasreddine Bencherchali ea536c33b3 feat: update and merge some pwsh rules 2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali a98698f6a8 fix: apply suggestions from code review 2023-01-20 10:04:48 +01:00
Nasreddine Bencherchali bfcbc1adbc Merge pull request #3937 from nasbench/nasbench-rule-devel 
feat: fp fixes and enhancements
 2023-01-20 10:03:54 +01:00
Nasreddine Bencherchali f9aa98b438 Merge pull request #3939 from tropChaud/patch-2 
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to pro…
 2023-01-20 10:03:40 +01:00
frack113 6de42e0996 Update proc_creation_win_sqlite_firefox_gecko_profile_data.yml 2023-01-20 09:57:09 +01:00
Nasreddine Bencherchali 4d44aa01dd fix: update description 2023-01-20 09:51:26 +01:00
Nasreddine Bencherchali 51b5f6883b fix: update description 2023-01-20 09:51:15 +01:00
Nasreddine Bencherchali 6d6721ba24 fix: reposition selection for readability 2023-01-20 09:46:24 +01:00
IntelScott 8a0cc0880d Update and rename proc_creation_win_sqlite_firefox_cookies.yml to proc_creation_win_sqlite_firefox_gecko_profile_data.yml 
Updated logic to expand database file coverage

Updated description to clarify this logic applies to other Gecko-based browsers too, as targeted recently by some stealers
 2023-01-19 17:55:12 -05:00
IntelScott 0630d0d01f Update and rename proc_creation_win_sqlite_chrome_cookies.yml to proc_creation_win_sqlite_chromium_profile_data.yml 
Updated to expand browser and database file coverage
 2023-01-19 17:52:30 -05:00
Nasreddine Bencherchali 1a9efa1002 feat: wmiprvse rule updates and merger 2023-01-19 23:10:06 +01:00
Nasreddine Bencherchali 0909b65bff feat: update sharing websites 2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali a7c7816b96 fix: driverquery condition and selection 2023-01-19 21:52:37 +01:00
Nasreddine Bencherchali fa1ede8c68 feat: new rules for driverquery 2023-01-19 21:50:10 +01:00
Nasreddine Bencherchali 7538086e58 fix: broken condition 2023-01-19 21:49:55 +01:00
Nasreddine Bencherchali 1e57208fa2 fix: update broken selection 2023-01-19 21:33:29 +01:00
Nasreddine Bencherchali d9f37de1cf fix: fp found in testing 2023-01-19 18:47:11 +01:00
Nasreddine Bencherchali 3d26ba1fce Merge pull request #3935 from SigmaHQ/rule-devel 
rule: Manage Engine suspicious sub process
 2023-01-19 17:43:36 +01:00
Nasreddine Bencherchali 6557b3b239 fix: change link to permalink 2023-01-19 17:36:18 +01:00
Florian Roth 907b4cc750 docs: changed wording 2023-01-19 17:23:37 +01:00
Florian Roth 6d10d35b4f rule: Manage Engine suspicious sub process 2023-01-19 17:17:50 +01:00
Nasreddine Bencherchali e213252c4c feat: logic update to multiple rules 2023-01-19 16:37:10 +01:00
Nasreddine Bencherchali fe7d543314 fix: rename rules to show importance 2023-01-19 13:39:13 +01:00
Nasreddine Bencherchali 3a473b8313 fix: small metadata fixes 2023-01-18 23:30:40 +01:00
Nasreddine Bencherchali 143a413f4f fix: merge overlapping detections 2023-01-18 20:18:36 +01:00
Nasreddine Bencherchali 0cb78e498a fix: more fp found in testing 2023-01-18 20:16:34 +01:00
Nasreddine Bencherchali 02e4a5112d fix: fp found in testing 2023-01-18 18:41:07 +01:00
Nasreddine Bencherchali ff9844b8d7 fix: fp and broken field name 2023-01-18 10:47:40 +01:00
Nasreddine Bencherchali f3171177d8 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-18 10:24:04 +01:00