Commit Graph

4601 Commits

Author SHA1 Message Date
Jonhnathan 127607c5e7 Remove Additional backslash 2020-11-26 23:14:51 -03:00
Jonhnathan bce74198ab Remove Additional backslash 2020-11-26 23:14:24 -03:00
Jonhnathan fda266adb6 Update win_apt_hurricane_panda.yml 2020-11-26 23:12:26 -03:00
Jonhnathan d0b6694767 Update win_apt_greenbug_may20.yml 2020-11-26 23:05:44 -03:00
Jonhnathan 707fbe048e Update win_apt_evilnum_jul20.yml 2020-11-26 23:05:08 -03:00
Jonhnathan a113c0f3b4 Remove Additional backslash 2020-11-26 23:00:05 -03:00
Jonhnathan d57d7c1e5b Remove Additional backslash 2020-11-26 22:59:35 -03:00
Florian Roth c6fc9de144 New Trickbot wermgr rule 2020-11-26 09:54:27 +01:00
Florian Roth c111ab3141 Improved Trickbot recon rule 2020-11-26 09:54:13 +01:00
bczyz1 05398ae95e change field newprocessname -> image 2020-11-23 13:43:19 +01:00
bczyz1 193021eff8 Update win_apt_slingshot.yml
fix condition
2020-11-20 09:19:03 +01:00
Jonhnathan 31e0cfb13f Update win_susp_covenant.yml 2020-11-20 02:36:20 -03:00
Jonhnathan ec1944e2d7 Update win_susp_copy_system32.yml 2020-11-20 02:31:26 -03:00
Jonhnathan 5d7131bbf2 Update win_susp_compression_params.yml 2020-11-20 02:29:41 -03:00
Jonhnathan 32ed588adb Update detection Logic 2020-11-20 02:27:58 -03:00
Jonhnathan b274be8d4e Update detection Logic 2020-11-20 02:25:32 -03:00
Jonhnathan c31c0d981a Update detection logic 2020-11-20 02:23:18 -03:00
Jonhnathan 23edcc6dc6 Update win_susp_certutil_command.yml 2020-11-20 02:21:55 -03:00
Jonhnathan 8af17dda5b Update win_spn_enum.yml 2020-11-20 02:17:31 -03:00
Jonhnathan d5cb4246c2 Remove additional backslash 2020-11-20 02:16:51 -03:00
stvetro 19eb8306d3 Removed unnecessary anti-false-positive 2020-11-14 09:50:29 +04:00
Florian Roth af4d546408 Merge pull request #1282 from Neo23x0/rule-devel
fix: FPs with notepad++ GUP rule
2020-11-10 13:39:28 +01:00
Florian Roth 2e9d7951a6 Merge pull request #1272 from bczyz1/patch-2
Fix typo in win_apt_lazarus_session_hijack.yml
2020-11-10 13:35:08 +01:00
Florian Roth f6c0fb2d33 fix: FPs with notepad++ GUP rule 2020-11-09 16:34:12 +01:00
Florian Roth c3785d6dc7 rule: FPs with WmiPrvSE rule 2020-11-05 16:44:33 +01:00
bczyz1 c554aaea8f update win_apt_slingshot.yml
- optimized rule
- added detection of task modification (flag /change + /disable as described here https://stackoverflow.com/questions/26169582/does-anyone-know-of-a-way-to-turn-off-windows-defragmenters-default-schedule-us)
2020-11-05 15:51:22 +01:00
yugoslavskiy 2f789c45dc change syntax a bit to re-run the tests 2020-11-04 22:30:27 +01:00
bczyz1 4a5b2d642e Fix typo in win_apt_lazarus_session_hijack.yml 2020-11-03 14:46:29 +01:00
feedb e93dd7fe61 fix 2020-11-01 15:25:12 +03:00
yugoslavskiy ea71828d34 change syntax a bit to re-run the test 2020-10-31 23:57:13 +01:00
stvetro 8dc8fdc44b Added anti-false-positive condition
4688 always has a non-empty cmd
2020-10-31 12:46:30 +04:00
omkargudhate22 f1bb9726ca updated MITRE tag 2020-10-30 13:35:40 +05:30
omkar72 86a849728d ryuk changes 2020-10-30 13:15:11 +05:30
Roberto Rodriguez 25b92d4a2e Merge branch 'master' of https://github.com/Neo23x0/sigma 2020-10-29 21:04:45 -04:00
Semanur Guneysu 46c52b4347 Update sysmon_abusing_debug_privilege.yml 2020-10-28 20:11:29 +03:00
Jonhnathan 28febe5dd2 Update win_apt_chafer_mar18.yml 2020-10-27 23:28:04 -03:00
Jonhnathan 0860978412 Update win_apt_bear_activity_gtr19.yml 2020-10-27 23:26:34 -03:00
Jonhnathan e24e6da3b5 Update win_apt_apt29_thinktanks.yml 2020-10-27 23:24:04 -03:00
Semanur Guneysu 27dbf73c0d Update sysmon_abusing_debug_privilege.yml
comment added
2020-10-26 19:25:36 +03:00
invrep-de 8a9db12d30 Enhanced to improve specificity
Enhanced to improve specificity per feedback received;
2020-10-26 12:05:16 -04:00
invrep-de dc41f64023 [OSCD] Bad Opsec Defaults Sacrificial Processes
Incorporate feedback from @yugoslavskiy;
2020-10-26 11:52:16 -04:00
Semanur Guneysu 1b3cb8a64b Delete .DS_Store 2020-10-26 18:15:57 +03:00
Semanur Guneysu db49c436a3 Update sysmon_abusing_debug_privilege.yml 2020-10-26 18:08:05 +03:00
Semanur Guneysu bc5e9b57e9 Update sysmon_abusing_debug_privilege.yml 2020-10-26 17:45:13 +03:00
Semanur Guneysu 2dab2d420c Update sysmon_abusing_debug_privilege.yml 2020-10-26 15:24:00 +03:00
Semanur Guneysu 4e1143502e Create .DS_Store 2020-10-26 15:18:20 +03:00
Semanur Guneysu cb5a541a5e Update sysmon_abusing_debug_privilege.yml
NT AUTHORITY\SYSTEM
2020-10-26 14:56:25 +03:00
Semanur Guneysu 3ff10b160f Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:44:27 +03:00
Semanur Guneysu e65b8249d7 Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:39:43 +03:00
Semanur Guneysu 70beef515d Update sysmon_abusing_debug_privilege.yml
MITRE tag added. Checked.
2020-10-26 14:01:46 +03:00