security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

23 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 8c1a5fb834 fix: remove sysmon definition 
Removed this definition for now as it's too generic and "obvious"

Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-09 11:01:58 +01:00
Nasreddine Bencherchali 0c581fb62a fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-09 10:31:11 +01:00
Nasreddine Bencherchali 8851420b92 feat: update registry_delete rules 2023-02-08 12:48:51 +01:00
Nasreddine Bencherchali a19a75b0b0 fix: resolves #4015 2023-02-07 14:33:56 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
frack113 5087b95155 Merge remote-tracking branch 'upstream/master' into pormotion_status 2023-01-27 11:29:27 +01:00
frack113 1033b3f404 change status to test 2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali c538550b03 feat: updates and fixes 2023-01-26 22:42:56 +01:00
Nasreddine Bencherchali d9f37de1cf fix: fp found in testing 2023-01-19 18:47:11 +01:00
frack113 940f89d43d Order yaml field 2022-10-26 06:16:55 +02:00
Florian Roth 0d9879506a Update registry_delete_removal_com_hijacking_registry_key.yml 2022-10-21 08:55:34 +02:00
Nasreddine Bencherchali a13a5efd47 More FP tuning 2022-10-20 11:51:06 +02:00
phantinuss cc5cda0a22 fix: needs to be contains now 2022-09-21 14:10:50 +02:00
phantinuss b7f20b884c fix: FPs from new evtx-baseline 2022-09-21 13:51:19 +02:00
Nasreddine Bencherchali 59530f49d4 Fix more FP in testing 2022-09-21 11:53:39 +02:00
Nasreddine Bencherchali 11a322f4f0 New + Update 2022-08-26 15:38:43 +01:00
Nasreddine Bencherchali 95e0e51e11 Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:22:23 +01:00
Nasreddine Bencherchali dfb725171a Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:14:19 +01:00
Nasreddine Bencherchali f704feaf69 New Rules 2022-08-05 17:11:42 +01:00
Nasreddine Bencherchali 12d187bc91 Update Ref+Selection 2 2022-07-11 17:48:40 +01:00
Sittikorn S 3db9232b67 Rename registry_delete_removeal_sd_value_scheduled_task_hide.yml to registry_delete_removal_sd_value_scheduled_task_hide.yml 2022-04-15 20:20:34 +07:00
Sittikorn S 45a0d404ae Create registry_delete_removeal_sd_value_scheduled_task_hide.yml 2022-04-15 20:17:14 +07:00
frack113 fb72fb48a2 Order registry 2022-04-04 15:45:32 +02:00