Nasreddine Bencherchali
f1c9112413
fix: update filename
2023-01-22 01:04:27 +01:00
Nasreddine Bencherchali
a530e7ad36
fix: add more detail
2023-01-22 01:00:55 +01:00
Florian Roth
52a4985dce
rule: susp svchost sub process
2023-01-21 23:45:22 +01:00
Nasreddine Bencherchali
ecaf89dd91
fix: fp with powercat
2023-01-21 18:15:37 +01:00
frack113
63045048e3
Merge pull request #3910 from cyb3rjy0t/patch-3
ADS stored DLL execution using Rundll32
2023-01-21 13:24:22 +01:00
Nasreddine Bencherchali
585f3a2f36
fix: update regex
2023-01-21 13:02:11 +01:00
Nasreddine Bencherchali
72fe5040f9
Merge pull request #3944 from nasbench/nasbench-rule-devel
feat: new rules and fp fixes
2023-01-21 12:46:46 +01:00
frack113
4df3a09ce8
Merge pull request #3943 from SigmaHQ/rule-devel
Extended some rules with suspicious sub processes
2023-01-21 12:37:29 +01:00
Nasreddine Bencherchali
ae0fe8393e
fix: optimize pwsh reg logging tamper rule
2023-01-21 12:28:28 +01:00
Nasreddine Bencherchali
dfdc232f55
fix: optimize "Invoke-Sharp" coverage
2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali
7bce67f940
fix: file extension
2023-01-21 11:52:13 +01:00
Nasreddine Bencherchali
928e77881f
feat: new rule related to psexec key file
2023-01-21 11:48:40 +01:00
Nasreddine Bencherchali
9ef8565556
fix: filename
2023-01-21 11:41:44 +01:00
Nasreddine Bencherchali
9f3537498c
fix: remove net
2023-01-21 11:28:27 +01:00
Nasreddine Bencherchali
2ad9d65f75
fix: filter and add missing modified
2023-01-21 11:26:13 +01:00
Nasreddine Bencherchali
933cd0df7d
fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-21 11:23:17 +01:00
frack113
d16c756ee8
Merge pull request #3936 from nikitah4x/master
Add new rule to detect a new admin role assignment in Okta
2023-01-21 11:12:44 +01:00
Florian Roth
9aeb191999
Merge branch 'master' into rule-devel
2023-01-21 08:55:12 +01:00
Florian Roth
8c14f9cddb
Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel
2023-01-21 08:55:06 +01:00
Florian Roth
18600eaef4
refactor: extended some exploitation rules - sub procs
https://twitter.com/skept1kal/status/1616647571904020481
2023-01-21 08:55:04 +01:00
Micah Babinski
f5197d20d1
Reformulated rule.
2023-01-20 13:41:56 -08:00
z00t
9cc61a6e60
Single quotes added to non-integer values.
2023-01-20 23:28:23 +05:00
z00t
44a7b78950
New Rule is created.
2023-01-20 23:09:56 +05:00
z00t
e27d79e21a
New detection rule.
2023-01-20 21:29:31 +05:00
Nasreddine Bencherchali
ea536c33b3
feat: update and merge some pwsh rules
2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali
5710475311
feat: update pwsh reg logging tamper
2023-01-20 16:19:50 +01:00
nikitah4x
8015b445fd
Update okta_admin_role_assignment_created.yml
2023-01-20 15:47:36 +02:00
nikitah4x
411b1a44e7
Update rules/cloud/okta/okta_admin_role_assignment_created.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-20 15:42:22 +02:00
nikitah4x
a25fdddb0d
Update rules/cloud/okta/okta_admin_role_assignment_created.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-20 15:42:15 +02:00
nikitah4x
44a3371d8a
Update rules/cloud/okta/okta_admin_role_assignment_created.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-20 15:41:32 +02:00
z00t
cc511af55e
Create github_delete action_invoked.yaml
2023-01-20 18:14:14 +05:00
Nasreddine Bencherchali
9fe829af52
feat: new rules related to CVE-2022-44877
2023-01-20 13:51:17 +01:00
Nasreddine Bencherchali
ef0c3d35c4
fix: filter fp found in testing
2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali
a98698f6a8
fix: apply suggestions from code review
2023-01-20 10:04:48 +01:00
Nasreddine Bencherchali
bfcbc1adbc
Merge pull request #3937 from nasbench/nasbench-rule-devel
feat: fp fixes and enhancements
2023-01-20 10:03:54 +01:00
Nasreddine Bencherchali
f9aa98b438
Merge pull request #3939 from tropChaud/patch-2
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to pro…
2023-01-20 10:03:40 +01:00
frack113
6de42e0996
Update proc_creation_win_sqlite_firefox_gecko_profile_data.yml
2023-01-20 09:57:09 +01:00
Nasreddine Bencherchali
4d44aa01dd
fix: update description
2023-01-20 09:51:26 +01:00
Nasreddine Bencherchali
51b5f6883b
fix: update description
2023-01-20 09:51:15 +01:00
Nasreddine Bencherchali
6d6721ba24
fix: reposition selection for readability
2023-01-20 09:46:24 +01:00
Micah Babinski
5431929739
Added external remote service logon from public IP rule.
2023-01-19 15:04:25 -08:00
IntelScott
8a0cc0880d
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to proc_creation_win_sqlite_firefox_gecko_profile_data.yml
Updated logic to expand database file coverage
Updated description to clarify this logic applies to other Gecko-based browsers too, as targeted recently by some stealers
2023-01-19 17:55:12 -05:00
IntelScott
0630d0d01f
Update and rename proc_creation_win_sqlite_chrome_cookies.yml to proc_creation_win_sqlite_chromium_profile_data.yml
Updated to expand browser and database file coverage
2023-01-19 17:52:30 -05:00
Nasreddine Bencherchali
1a9efa1002
feat: wmiprvse rule updates and merger
2023-01-19 23:10:06 +01:00
Nasreddine Bencherchali
0909b65bff
feat: update sharing websites
2023-01-19 22:07:31 +01:00
Nasreddine Bencherchali
a7c7816b96
fix: driverquery condition and selection
2023-01-19 21:52:37 +01:00
Nasreddine Bencherchali
fa1ede8c68
feat: new rules for driverquery
2023-01-19 21:50:10 +01:00
Nasreddine Bencherchali
7538086e58
fix: broken condition
2023-01-19 21:49:55 +01:00
Nasreddine Bencherchali
1e57208fa2
fix: update broken selection
2023-01-19 21:33:29 +01:00
nikitah4x
13a26aaffa
Create okta_admin_role_assignment_created.yml
2023-01-19 21:22:58 +02:00