Nasreddine Bencherchali
47572e08c8
fix: remove additional space
2022-12-27 14:27:55 +01:00
Nasreddine Bencherchali
de704d285a
feat: new rule related to CVE-2022-46169
2022-12-27 14:22:53 +01:00
frack113
7060db3d47
Promotion rules (#3821)
* Promotion rules
* fix missing null
* fix: modified date
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 12:29:10 +01:00
sai prashanth pulisetti
8b05818559
Create proc_creation_win_SharpImpersonation_tool.yml (#3823)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-27 12:02:22 +01:00
Florian Roth
0cd5eb375d
Merge branch 'master' into rule-devel
2022-12-27 11:58:53 +01:00
Florian Roth
65f92dcd47
rule: HTran / NATBypass usage
2022-12-27 11:58:44 +01:00
tuan
2d759cad94
Add rule delete group or user (#3822)
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-27 11:21:14 +01:00
BlueTeamOps
1d8256fa69
Update lnx_auditd_debugfs_usage.yml
2022-12-25 09:47:19 +11:00
BlueTeamOps
81d8d1a5a7
replaced timeframe with timespan
2022-12-25 08:10:03 +11:00
BlueTeamOps
976d994cee
Updated to include additional tools
Expanded the list of Linux tools that may be used to obtain volume meta info and also included the auditd.
Removed specific switches for tools as those tools and debugfs exec within that time period will be rare.
2022-12-25 07:57:18 +11:00
frack113
8ea3999754
Merge pull request #3302 from memory-shards/master
Create proc_creation_win_lolbin_agentexecutor.yml
2022-12-24 15:45:35 +01:00
Nasreddine Bencherchali
794d93c298
fix: broken selection
2022-12-24 14:11:32 +01:00
Nasreddine Bencherchali
e7d6bf7cab
fix: enhance logic of AgentExecutor rules
2022-12-24 14:10:21 +01:00
BlueTeamOps
de84fbcd62
lnx_auditd_debugfs_usage.yml
2022-12-24 23:41:20 +11:00
Nasreddine Bencherchali
e6baac1bf2
fix: exclude teamviewer fp & reduce severity
2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali
21f5bf8536
feat: new rules related to rat software based on #2841
2022-12-23 20:42:51 +01:00
frack113
271460062e
Merge pull request #3815 from nasbench/aadinternals-rules
feat: new aadinternals related rules
2022-12-23 20:20:07 +01:00
frack113
5fdad241ea
Update proc_creation_win_lolbin_agentexecutor.yml
2022-12-23 20:11:55 +01:00
Nasreddine Bencherchali
b19abdaeda
fix: date position
2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali
5a8808e0ac
fix: wrong category
2022-12-23 19:27:34 +01:00
Nasreddine Bencherchali
1f38e15bb4
fix: fp section
2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali
92e4081de3
fix: duplicate title
2022-12-23 19:20:43 +01:00
Nasreddine Bencherchali
28664d5bb3
feat: new aadinternals related rules
2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali
0aa6f26a6f
feat: updates and enhancements
2022-12-23 18:37:59 +01:00
frack113
756f98f0ec
Merge pull request #3813 from frack113/issue_575
Some rules for Issue 575
2022-12-23 13:38:21 +01:00
frack113
df015e555c
Add more ref
2022-12-23 13:22:50 +01:00
Nasreddine Bencherchali
a1b2e0ee81
Merge pull request #3781 from blueteam0ps/aws_det
Multiple AWS detection rules
2022-12-23 12:41:15 +01:00
frack113
546e53fb35
Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-23 12:34:56 +01:00
frack113
32b7ef47df
Add count condition
2022-12-23 12:32:05 +01:00
frack113
bee5b2f252
Issue 575 page 43
2022-12-23 11:10:17 +01:00
Nasreddine Bencherchali
a3f897606f
fix: enhance metadata information
2022-12-23 11:01:57 +01:00
frack113
b200b5dedb
Fix title
2022-12-23 10:58:11 +01:00
frack113
9617cdd4ea
Issue 575 page 42
2022-12-23 10:50:34 +01:00
Nasreddine Bencherchali
03cc78e916
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali
57e51cca2a
fix: typo in near operator
2022-12-22 16:08:21 +01:00
Nasreddine Bencherchali
3fc4390767
Merge pull request #3809 from qasimqlf/patch-18
fix: updated targetUserName and ipAddress
2022-12-22 15:16:52 +01:00
Florian Roth
9aa823fe3b
Merge pull request #3810 from nasbench/nasbench-rule-devel
feat: rule dev and updates
2022-12-22 15:04:08 +01:00
Nasreddine Bencherchali
17aae0161d
fix: add other missing encoded @ symbol
2022-12-22 14:55:20 +01:00
Nasreddine Bencherchali
d6b6984567
fix: add encoded @ symbol
Co-authored-by: Florian Roth <venom14@gmail.com>
2022-12-22 14:53:34 +01:00
Nasreddine Bencherchali
74f198460e
fix: add good ua as filter
2022-12-22 14:50:30 +01:00
Nasreddine Bencherchali
62a828e184
feat: more updates
2022-12-22 14:45:53 +01:00
Nasreddine Bencherchali
7ed105bccb
fix: add response code
2022-12-22 14:36:32 +01:00
Nasreddine Bencherchali
8fd9181392
fix: typo in selection
2022-12-22 14:35:22 +01:00
Nasreddine Bencherchali
cc3dce61d7
fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2022-12-22 14:25:50 +01:00
Nasreddine Bencherchali
3b54d8de79
fix: metadata
2022-12-22 12:20:18 +01:00
Nasreddine Bencherchali
f79c09c1ff
fix: duplicate id
2022-12-22 12:14:55 +01:00
Nasreddine Bencherchali
e61795a1ea
feat: proxynotshell owa variant rules
2022-12-22 12:10:29 +01:00
frack113
a9a0d6217d
Merge pull request #3808 from veramine/patch-11
Remove Logitech auto-updater false positive
2022-12-22 10:37:45 +01:00
Nasreddine Bencherchali
653b498315
fix: update modified field
2022-12-22 10:31:25 +01:00
Qasim Qlf
29377ddfff
fix: updated targetUserName and ipAddress
2022-12-22 14:16:25 +05:00