security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

11789 Commits

Author SHA1 Message Date
Nasreddine Bencherchali fb957e2897 fix: add missing quotes and OriginalFileName field 2022-11-10 17:03:31 +01:00
Nasreddine Bencherchali 649bbc86ec fix: renamed and updated the "sc query" rule 2022-11-10 17:03:01 +01:00
Nasreddine Bencherchali c9e755acbf fix: add missing quotes and additional metadata 2022-11-10 17:02:29 +01:00
Florian Roth 2ed2452305 Merge pull request #3689 from phantinuss/master 
Fix yesterday's fix
 2022-11-10 16:40:53 +01:00
Florian Roth 99d8c96ccd Merge pull request #3688 from SigmaHQ/rule-devel 
rule: vuln Lenovo driver load, fix: Dell driver load condition, rule: Sysmon parent proc
 2022-11-10 16:34:21 +01:00
phantinuss 9317454bc8 fix: bcdedit by svchost FP 2022-11-10 16:31:54 +01:00
Florian Roth 3278292559 fix: FPs 2022-11-10 15:01:09 +01:00
Florian Roth 254766170f docs: update description and tags 2022-11-10 14:57:26 +01:00
Florian Roth 19fbbf8265 rule: Sysmon as parent 2022-11-10 14:52:31 +01:00
Florian Roth 71431efd16 fix: hash selection with OR in Dell driver rule 2022-11-10 13:22:04 +01:00
Florian Roth 7ef9893579 rule: vulnerable Lenovo driver 2022-11-10 13:21:31 +01:00
phantinuss 4e60b8abf0 Merge pull request #3686 from qasimqlf/patch-11 
Minor Fix
 2022-11-10 11:54:23 +01:00
Qasim Qlf 097e673df8 Minor Fix 2022-11-10 12:41:43 +05:00
Qasim Qlf 52daec4489 Minor Fix 2022-11-10 12:40:13 +05:00
Florian Roth 9e68c45df0 Merge pull request #3684 from nasbench/nasbench-rule-devel 
Rule Dev
 2022-11-09 20:04:15 +01:00
Florian Roth 2f4eed2fe4 no need to update the modified date here 2022-11-09 18:33:13 +01:00
Florian Roth b4e2530df5 updated modified date 2022-11-09 18:32:47 +01:00
phantinuss 9136963672 fix: filter empty ParentImage which might happen as a race condition on startup 2022-11-09 16:45:00 +01:00
phantinuss 691649d932 fix: bcedit downloaded to C:\Windows\SoftwareDistribution 2022-11-09 16:44:58 +01:00
Nasreddine Bencherchali 39d66b4e94 Merge branch 'master' into nasbench-rule-devel 2022-11-09 16:14:38 +01:00
Nasreddine Bencherchali 5a70e402b3 Update rules 2022-11-09 16:13:17 +01:00
Florian Roth 928f07c366 Merge pull request #3683 from SigmaHQ/rule-devel 
rule: KDC RC4-HMAC downgrade CVE-2022-37966
 2022-11-09 10:19:04 +01:00
Florian Roth 017287804c Merge pull request #3532 from Pooch11/cobalt-pipenames-redcanary 
Update pipe_create_mal__cobaltstrike - Additional criteria from Redcanary
 2022-11-09 10:17:28 +01:00
Florian Roth 026af279de fix: duplicate UUID 2022-11-09 09:56:04 +01:00
Florian Roth 50baf18a68 rule: amsi bypass script - psh rule 2022-11-09 09:48:19 +01:00
Florian Roth c9fe367eae rule: amsi bypass 2022-11-09 09:44:31 +01:00
Yamato Security 5de1fd6f2d Rule add: windows access token abuse (#3675) 
Co-authored-by: Florian Roth <venom14@gmail.com>
 2022-11-09 09:43:15 +01:00
Ilya_Krestinichev ffb726b6df Create proc_creation_win_susp_ping_del.yml (#3671) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-11-09 09:42:33 +01:00
Florian Roth 0de60f2b9f revert: changes in krbrelay service rule 2022-11-09 09:33:37 +01:00
Florian Roth f7b91b0f05 rule: kerberos rc4 rule 2022-11-09 09:31:31 +01:00
Florian Roth 869b0962b3 rule: KDC RC4-HMAC downgrade CVE-2022-37966 2022-11-09 09:08:22 +01:00
frack113 2ebb9159fb Update raw_access_thread_disk_access_using_illegitimate_tools.yml 2022-11-08 19:10:05 +01:00
Nasreddine Bencherchali 13fbab9a87 Update image_load_susp_python_image_load.yml 2022-11-08 17:33:45 +01:00
Nasreddine Bencherchali f312455db5 Update rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml 2022-11-08 17:26:24 +01:00
Nasreddine Bencherchali ae2c09f866 Update rules/windows/image_load/image_load_in_memory_powershell.yml 
Co-authored-by: Florian Roth <venom14@gmail.com>
 2022-11-08 17:25:53 +01:00
Nasreddine Bencherchali f7c1d9fe9d Update proc_creation_win_weak_or_abused_passwords.yml 2022-11-08 14:52:42 +01:00
Nasreddine Bencherchali 2e224baa94 Update file_event_win_creation_system_file.yml 2022-11-08 12:49:53 +01:00
Nasreddine Bencherchali f9d54c722f Update file_event_win_susp_dropper.yml 2022-11-08 12:42:47 +01:00
Nasreddine Bencherchali 33bd200a89 Fix FP 2022-11-08 12:32:44 +01:00
Nasreddine Bencherchali 024d76d5e5 Fix typo in conditions 2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali 220e9c2c90 Fix FP 2022-11-08 12:05:38 +01:00
Florian Roth 7a36b5b0b0 Merge pull request #3680 from SigmaHQ/aurora-false-positive-fixing 
fix: dysfunctional rules
 2022-11-07 19:29:16 +01:00
Florian Roth 344741477b Merge pull request #3678 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-07 19:28:26 +01:00
Florian Roth 0d86ec83b5 fix: calc rule logic 2022-11-07 15:31:38 +01:00
Florian Roth 74834a6db0 fix: FPs with mshta execution 2022-11-07 15:22:21 +01:00
phantinuss af2dc36699 new rule for lnk files with lower score 2022-11-07 14:14:04 +01:00
phantinuss 496d1b6a2a fix: add bcedit filter and sort selection 2022-11-07 13:37:11 +01:00
Nasreddine Bencherchali fc8eeb7b1e Fix FP 2022-11-07 12:11:30 +01:00
Nasreddine Bencherchali 841b311dd0 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-11-07 11:57:18 +01:00
Florian Roth 9bf023ceba Merge pull request #3670 from nasbench/fix-false-positives 
Aurora - Fix FP Found In Testing
 2022-11-04 17:56:32 +01:00