Semanur Guneysu
173df7ff3b
Update sysmon_abusing_debug_privilege.yml
2020-10-07 17:31:28 +03:00
Semanur Guneysu
8d09b55699
Added category field
2020-10-07 17:25:32 +03:00
Semanur Guneysu
6e8d9b9be2
Migrated to the process_creation category.
2020-10-07 17:11:38 +03:00
Jonhnathan
e6a6549676
Create win_susp_replace_lolbin.yml
...
Item 77 of #1014
2020-10-07 10:37:15 -03:00
Yuliya Fomina
f0f419df78
Create win_susp_pester.yml
2020-10-07 15:19:45 +03:00
esebese
18da272de4
[OSCD] win_visual_basic_compiler.yml added
2020-10-07 15:04:12 +03:00
grikos
9df6608239
Remove asterisk from condition
...
Change
ParentCommandLine:
- 'setupapi.dll*InstallHinfSection'
to
ParentCommandLine|contains|all:
- 'setupapi.dll'
- 'InstallHinfSection'
because some LM/SIEM systems don't process '*' the way Splunk or Elasticsearch do
2020-10-07 14:54:13 +03:00
nsaddler
59610517a0
Update sysmon_long_powershell_commandline.yml
2020-10-07 14:10:26 +03:00
nsaddler
df21dab585
Update sysmon_long_powershell_commandline.yml
2020-10-07 14:00:41 +03:00
nsaddler
e01e26be1c
Update sysmon_long_powershell_commandline.yml
2020-10-07 13:55:17 +03:00
Наталья Шорникова
7d8445fe12
[OSCD] Too Long Powershell CommandLine Rule added
2020-10-07 13:42:05 +03:00
Vasilisa-L
da578a8bb0
Update win_susp_winrm_execution.yml
2020-10-07 12:30:57 +03:00
Yuliya Fomina
729e1f6f7f
Create win_susp_winrm_execution
2020-10-07 12:20:37 +03:00
Yuliya Fomina
ab8e9ed8e7
Create win_susp_winrm_AWL_bypass
2020-10-07 12:07:20 +03:00
grikos
391af43708
Update description & references
2020-10-07 10:32:51 +03:00
svch0stz
c879378e35
Update win_susp_mounted_share_deletion.yml
2020-10-07 17:46:13 +11:00
svch0stz
dabc092ab9
Create win_susp_mounted_share_deletion.yml
2020-10-07 17:34:48 +11:00
Vasilisa-L
5d01f71f62
CommandLine|contains -> CommandLine|contains|all:
...
Replaced wildcard expression with list of values
2020-10-07 08:43:22 +03:00
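Both the setupapi.dll/InstallHinfSection commit and the "CommandLine|contains -> CommandLine|contains|all" commit above replace a single ordered wildcard value with a list of substrings. The Python below is an added example, not code from the Sigma repository or from any of the listed commits: it implements the two Sigma matching semantics (a plain value with `*`/`?` wildcards, which matches the whole field case-insensitively, and `contains|all`, which requires every listed substring in any order) and runs both over constructed Sysmon process-creation records. The events, field values and function names are illustrative assumptions. It shows that the original value `setupapi.dll*InstallHinfSection` only fires if wrapped in leading and trailing `*`, and that `contains|all` is slightly broader because it ignores token order.

```python
import re
from typing import Dict, List

# Constructed Sysmon Event ID 1 (process creation) records; not real telemetry.
EVENTS: List[Dict[str, str]] = [
    {   # INF-driven rundll32 parent: the case the rule is meant to catch
        "Image": "C:\\Windows\\System32\\cmd.exe",
        "ParentImage": "C:\\Windows\\System32\\rundll32.exe",
        "ParentCommandLine": "rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\\Users\\Public\\setup.inf",
    },
    {   # same tokens, reversed order: contains|all fires, the ordered wildcard does not
        "Image": "C:\\Windows\\System32\\cmd.exe",
        "ParentImage": "C:\\Windows\\System32\\rundll32.exe",
        "ParentCommandLine": "rundll32.exe InstallHinfSection setupapi.dll",
    },
    {   # unrelated rundll32 child, should never match
        "Image": "C:\\Windows\\System32\\notepad.exe",
        "ParentImage": "C:\\Windows\\System32\\rundll32.exe",
        "ParentCommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
    },
]


def sigma_wildcard_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a plain Sigma value into an anchored, case-insensitive regex.

    Sigma semantics: a plain value matches the whole field; '*' is any run of
    characters and '?' is exactly one character. Everything else is literal,
    so backslashes and dots in command lines are escaped rather than interpreted.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)


def match_wildcard(value: str, pattern: str) -> bool:
    """Whole-value wildcard match, as a bare `field: 'value'` entry behaves."""
    return sigma_wildcard_to_regex(pattern).match(value) is not None


def match_contains_all(value: str, needles: List[str]) -> bool:
    """`field|contains|all`: every substring must occur somewhere, order irrelevant."""
    lowered = value.lower()
    return all(n.lower() in lowered for n in needles)


def hits_wildcard(events: List[Dict[str, str]], field: str, pattern: str) -> List[int]:
    """Indices of events whose `field` satisfies the wildcard pattern."""
    return [i for i, ev in enumerate(events) if match_wildcard(ev.get(field, ""), pattern)]


def hits_contains_all(events: List[Dict[str, str]], field: str, needles: List[str]) -> List[int]:
    """Indices of events whose `field` contains every needle."""
    return [i for i, ev in enumerate(events) if match_contains_all(ev.get(field, ""), needles)]


if __name__ == "__main__":
    field = "ParentCommandLine"
    # Old form exactly as written: no leading/trailing '*', so it demands the whole
    # command line start with 'setupapi.dll' and end with 'InstallHinfSection'.
    print("bare wildcard   :", hits_wildcard(EVENTS, field, "setupapi.dll*InstallHinfSection"))
    # Wrapped in '*' it becomes an ordered substring match.
    print("wrapped wildcard:", hits_wildcard(EVENTS, field, "*setupapi.dll*InstallHinfSection*"))
    # contains|all, the form the commits switch to: order-insensitive.
    print("contains|all    :", hits_contains_all(EVENTS, field, ["setupapi.dll", "InstallHinfSection"]))
```

The practical check when porting a wildcard value to `contains|all` is the second event: a backend that implements `contains|all` as independent substring tests will now alert on any ordering of the tokens, which is usually acceptable for LOLBin detection but is a real widening of the rule and worth a note in the rule's `falsepositives` or description.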
grikos
49119e162f
Delete win_susp_rundll32_setupapi_installhinfsection.yml
2020-10-07 01:04:59 +03:00
grikos
a5478950c7
Create win_susp_rundll32_setupapi_installhinfsection.yml
2020-10-07 00:34:00 +03:00
grikos
9d9f0bc373
Create win_susp_rundll32_setupapi_installhinfsection.yml
2020-10-07 00:18:41 +03:00
svch0stz
3d048ceba0
Update win_susp_copy_lateral_movement.yml
2020-10-07 08:18:09 +11:00
svch0stz
ee2c79745f
Update win_susp_wsl_lolbin.yml
2020-10-07 08:12:51 +11:00
grikos
6e02e6ac19
Change title and update description
2020-10-06 19:52:31 +03:00
Furkan CALISKAN
bbb9fed3e6
Fixed for FP issues
2020-10-06 19:51:55 +03:00
ensar-pcs
60b3450fa8
[OSCD] win_syncappvpublishingserver_exe.yml added
2020-10-06 19:22:16 +03:00
Furkan CALISKAN
0023a22ead
Added FP conditions and fileshare part for cmdline
2020-10-06 19:20:19 +03:00
Furkan CALISKAN
a5ceba93a9
Fixed conditions
2020-10-06 19:15:30 +03:00
Furkan CALISKAN
52edc13d15
Fixed dates
2020-10-06 19:10:33 +03:00
grikos
79503c63dd
fixed typo in att&ck mapping tag
2020-10-06 12:22:19 +03:00
grikos
b93e64cd96
Update title according to the guideline
2020-10-06 11:59:20 +03:00
grikos
2638e2a80e
newline at the end of file
2020-10-06 10:35:12 +03:00
grikos
6ae36993d9
Create win_susp_vboxdrvInst.yml
2020-10-06 10:18:34 +03:00
Vasilisa-L
5b31b8755d
Update win_susp_pcwutl.yml
2020-10-06 08:55:01 +03:00
Vasiliy Burov
3f1d44e751
Update win_hack_hydra.yml
2020-10-05 23:52:55 +03:00
Vasiliy Burov
f38738e530
Update win_hack_hydra.yml
2020-10-05 23:34:30 +03:00
Furkan CALISKAN
ea6d60c58f
Added print lolbin
2020-10-05 23:26:57 +03:00
Vasiliy Burov
f6ec8673da
Update win_hack_hydra.yml
2020-10-05 23:24:59 +03:00
Vasiliy Burov
6a01193661
Update win_hack_hydra.yml
2020-10-05 23:24:08 +03:00
Vasiliy Burov
df704ba4fb
Create win_hack_hydra.yml
2020-10-05 23:05:27 +03:00
Furkan CALISKAN
db4804d6bf
Merge branch 'master' of https://github.com/caliskanfurkan/sigma
2020-10-05 23:03:21 +03:00
Furkan CALISKAN
4d655138b2
Added findstr lolbin
2020-10-05 23:03:05 +03:00
Yuliya Fomina
815aa3c719
Edited win_susp_pcwutl
2020-10-05 14:00:21 +03:00
Furkan ÇALIŞKAN
b147fc3296
Update win_susp_explorer.yml
...
Added known-fp
2020-10-05 13:22:43 +03:00
Yuliya Fomina
39f955d24d
Revert "Create win_susp_pester.yml"
...
This reverts commit 577daa378a.
2020-10-05 13:14:35 +03:00
Yuliya Fomina
577daa378a
Create win_susp_pester.yml
2020-10-05 12:22:50 +03:00
Yuliya Fomina
ffc768e262
Create win_susp_pcwutl.yml
2020-10-05 11:30:24 +03:00
Furkan ÇALIŞKAN
85962665fd
Update win_susp_explorer.yml
2020-10-05 10:49:54 +03:00
svch0stz
60bd6a3692
Update win_susp_copy_lateral_movement.yml
2020-10-05 14:35:20 +11:00
svch0stz
dd2ab4082d
Update win_susp_copy_lateral_movement.yml
2020-10-05 14:33:00 +11:00