Commit Graph

4601 Commits

Author SHA1 Message Date
ZikyHD ece829bb25 Update win_susp_adfind.yml (Typo on field name) 2020-12-29 14:40:36 +01:00
Florian Roth 43033ab874 Update win_susp_emotet_rudll32_execution.yml 2020-12-25 09:05:55 +01:00
Tran Trung Hieu d551b88d5c Edit title convention 2020-12-25 14:21:26 +07:00
Tran Trung Hieu 4297e68704 Detect Emotet DLL loading by looking at rundll32.exe 2020-12-25 14:09:40 +07:00
Daniel Masse bf539fd1fe Revert "Fix bug changing the logsource service to category" (This reverts commit 0f51e53d0e.) 2020-12-23 15:50:49 -05:00
Daniel Masse 71ea5c7437 Add missing product in logsource 2020-12-23 15:45:00 -05:00
Daniel Masse 0f51e53d0e Fix bug changing the logsource service to category 2020-12-23 15:12:31 -05:00
Daniel Masse d2edf715f2 Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
Florian Roth dedc34e91a fix: typos and description 2020-12-23 14:46:08 +01:00
Florian Roth cdc29dfbe8 rule: Lazarus activity 2020-12-23 14:43:32 +01:00
Florian Roth 821af35557 Merge pull request #1313 from Neo23x0/rule-devel (Rule devel) 2020-12-23 13:57:11 +01:00
Florian Roth 7286d01f78 fix: typo in rule 2020-12-23 13:26:44 +01:00
Florian Roth 80aa398392 rule: Lazarus group loaders 2020-12-23 13:25:16 +01:00
Florian Roth 133b98ffcb Merge pull request #1262 from invrep-de/oscd ([OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy) 2020-12-21 18:30:21 +01:00
Florian Roth f20f346a6a Merge pull request #1264 from omkar72/sdev-1 (Adding 2 rules - Conhost & office test registry persistence) 2020-12-21 18:28:59 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references (fix "references" field + add test for references in plural form) 2020-12-21 18:25:35 +01:00
Florian Roth 377454cb31 Merge pull request #1299 from tjgeorgen/patch-1 (ATT&CK subtechnique tag updates) 2020-12-21 18:24:00 +01:00
Florian Roth 1b0aaf62c3 Merge pull request #1266 from omkar72/ryuk (modifying a couple of rules) 2020-12-13 19:05:54 +01:00
Florian Roth e2ade077ed Merge pull request #1275 from bczyz1/patch-3 (update win_apt_slingshot.yml) 2020-12-13 19:04:47 +01:00
Florian Roth 612008a4d8 fix indentation 2020-12-11 18:40:17 +01:00
Tran Trung Hieu edc79a8bb6 Detects suspicious shell spawn from MSSQL process; this might be a sign of RCE or SQL Injection 2020-12-11 15:17:23 +07:00
Florian Roth b6d62b7a21 Merge pull request #1302 from Neo23x0/rule-devel (TA505 Dropper, minor fix in PowerShell Rule) 2020-12-08 10:40:07 +01:00
Florian Roth 640470cefd TA505 Loader Rule 2020-12-08 10:15:30 +01:00
tjgeorgen 1c6c3a36fe include updated RDP att&ck tag 2020-12-04 11:59:23 -05:00
tjgeorgen 0eda1ab462 also update tag for folder variant 2020-12-04 11:42:05 -05:00
tjgeorgen 5208bdd65a add new version of ATT&CK T1500 tag 2020-12-04 11:19:16 -05:00
yugoslavskiy 0188e45925 Update win_malware_script_dropper.yml 2020-12-01 02:12:53 +01:00
yugoslavskiy 30ecc8bd26 Update win_malware_script_dropper.yml 2020-12-01 02:08:52 +01:00
yugoslavskiy 6494103839 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:54:51 +01:00
yugoslavskiy d1b625d080 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:51:47 +01:00
yugoslavskiy 3cbc2f0aec Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:47:23 +01:00
yugoslavskiy 816ce5937c Update win_susp_crackmapexec_execution.yml 2020-12-01 01:29:35 +01:00
yugoslavskiy 56f94a19f7 Update win_regedit_export_keys.yml 2020-11-30 02:08:54 +01:00
Yugoslavskiy Daniil d812a3e08e resolve conflict restoring rule win_susp_replace_lolbin.yml 2020-11-30 01:09:24 +01:00
Yugoslavskiy Daniil 98617609d6 Merge branch 'oscd' into HEAD 2020-11-30 01:07:26 +01:00
Yugoslavskiy Daniil 50623544a2 remove possible duplicate filter 2020-11-29 22:03:19 +01:00
OG 8e801ede32 Update win_susp_psexec_eula.yml 2020-11-29 17:45:29 +05:30
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 7dc5233dd9 Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy 9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy c761d05a17 Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy 258334d6d1 Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
yugoslavskiy c0c74a05df Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
yugoslavskiy 3c75bc922a Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
yugoslavskiy 42f27a41cb Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy ca0a6547fb Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan f1455e0c38 Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan fe3ed329ef Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy ea550cf551 Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00