Commit Graph

11789 Commits

Author SHA1 Message Date
frack113 4ce8600749 Merge pull request #3310 from frack113/issue_3309
Update option
2022-08-02 09:46:46 +02:00
Florian Roth 46147bb4af Merge pull request #3303 from danielgottt/patch-3
Create proc_creation_win_dnscmd_discovery.yml
2022-08-02 09:35:53 +02:00
Florian Roth 54f3b95ca9 Update registry_set_disable_autologger_sessions.yml 2022-08-02 09:25:15 +02:00
Florian Roth 32ee7ead9f Update registry_set_disable_autologger_sessions.yml 2022-08-02 09:22:32 +02:00
Florian Roth abc9aeb829 Update proc_creation_win_reg_delete_services.yml 2022-08-02 09:21:56 +02:00
Florian Roth a94cdaca8b Update registry_set_policies_attachments_tamper.yml 2022-08-02 09:17:08 +02:00
Florian Roth f9716b86e4 Update registry_set_windows_defender_tamper.yml 2022-08-02 09:16:26 +02:00
Florian Roth 225932fef7 Update registry_set_policies_associations_tamper.yml 2022-08-02 09:15:57 +02:00
Florian Roth 8399760902 Merge pull request #3307 from nasbench/webshell-children
Update Children Of Web Shell Rules
2022-08-02 09:12:00 +02:00
frack113 211bb6a760 Update option 2022-08-02 09:06:10 +02:00
G Y ebb753814b Update proc_creation_win_false_sysinternalsuite.yml
Typo + grammatical correction in description field
2022-08-02 11:19:14 +08:00
Nasreddine Bencherchali be25ff87e2 Update proc_creation_lnx_webshell_detection.yml 2022-08-01 23:40:34 +01:00
Nasreddine Bencherchali 7f1207957c Update proc_creation_win_sc_delete_av_services.yml 2022-08-01 23:39:08 +01:00
Nasreddine Bencherchali b984ee65b3 Update proc_creation_win_webshell_spawn.yml 2022-08-01 23:28:53 +01:00
Nasreddine Bencherchali f45eba2002 Update proc_creation_lnx_webshell_detection.yml 2022-08-01 23:28:49 +01:00
Nasreddine Bencherchali 921af82587 Update proc_creation_win_reg_import_from_suspicious_paths.yml 2022-08-01 20:25:29 +01:00
Nasreddine Bencherchali 7a326e9b32 Create proc_creation_win_reg_import_from_suspicious_paths.yml 2022-08-01 20:12:40 +01:00
Nasreddine Bencherchali d62d3cc4e0 Update proc_creation_win_sc_delete_av_services.yml 2022-08-01 19:39:58 +01:00
Nasreddine Bencherchali cd7539d7e6 Create proc_creation_win_sc_delete_av_services.yml 2022-08-01 17:52:09 +01:00
Nasreddine Bencherchali f4be1fa931 Update registry_set_policies_attachments_tamper.yml 2022-08-01 17:37:25 +01:00
Nasreddine Bencherchali 1764b51c0b Update + New Rules 2022-08-01 17:37:16 +01:00
Nasreddine Bencherchali 8d615c9d78 Update rules 2022-08-01 16:02:07 +01:00
Nasreddine Bencherchali 38107ed527 Create registry_set_disable_autologger_sessions.yml 2022-08-01 16:01:56 +01:00
Nasreddine Bencherchali 676d8627c5 Merge rules 2 2022-08-01 16:01:51 +01:00
Nasreddine Bencherchali e2afbe3400 Merge rules 1 2022-08-01 16:01:18 +01:00
Daniel Gott a645371e8b Update proc_creation_win_dnscmd_discovery.yml
implemented suggestions from frack113
2022-08-01 09:02:04 -04:00
Bhabesh 89a54bcab9 Added rule for Defender DLL sideloading 2022-08-01 16:03:58 +05:45
wikijm 7a67564dfd Update proc_creation_win_powershell_susp_parameter_variation.yml 2022-08-01 06:45:53 +02:00
Daniel Gott f6f1175413 Update proc_creation_win_dnscmd_discovery.yml
update to selection name
2022-07-31 19:03:38 -04:00
Daniel Gott 78ca0d324c Update proc_creation_win_dnscmd_discovery.yml
Modified selection name
2022-07-31 18:54:34 -04:00
Daniel Gott 7155eb999b Create proc_creation_win_dnscmd_discovery.yml 2022-07-31 18:19:49 -04:00
memory-shards 16fe47a8fa Update proc_creation_win_lolbin_agentexecutor.yml 2022-07-31 15:00:07 -04:00
memory-shards 5646756587 Update proc_creation_win_lolbin_agentexecutor.yml 2022-07-31 13:32:31 -04:00
memory-shards 562d29c432 Create proc_creation_win_lolbin_agentexecutor.yml
Proposed rule for lolbin AgentExecutor that doesn't have much coverage. Rule created as the final project for the Detection Engineering with Sigma course.
2022-07-31 12:46:52 -04:00
Florian Roth 83efce33e9 Rename sysmon_file_event_iso.yml to file_event_win_iso_file_mount.yml 2022-07-31 13:58:55 +02:00
Sam0x90 cc67e260fa Merge branch 'SigmaHQ:master' into master 2022-07-31 13:46:19 +02:00
Florian Roth d37bc651c2 fix: missing upper tick 2022-07-31 13:39:34 +02:00
Florian Roth 4747dbfe90 Update and rename sysmon_file_event_ISO.yml to sysmon_file_event_iso.yml 2022-07-31 13:38:40 +02:00
Florian Roth e98d86dd6d Merge pull request #3300 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-07-31 13:35:57 +02:00
Florian Roth 3870fd81a1 Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-07-31 13:23:11 +02:00
Florian Roth 9795bf6f57 fix: FPs with git.exe 2022-07-31 13:22:39 +02:00
Sam0x90 dd392854a9 Merge branch 'SigmaHQ:master' into master 2022-07-31 13:20:15 +02:00
Sam0x90 15a7755338 Updated condition 2022-07-31 12:41:21 +02:00
frack113 67c5b110f4 Sideloading DLL with space path 2022-07-31 08:36:19 +02:00
Sam0x90 c9b6c0b08f Updated title 2022-07-30 13:13:03 +02:00
Sam0x90 2cbafe7c3f Update author 2022-07-30 12:13:59 +02:00
Sam0x90 22d3f33c59 Alpha version of sysmon_file_event_ISO.yml 2022-07-30 12:10:30 +02:00
frack113 ff33b9667e Merge pull request #3297 from phantinuss/master
fix: FP found in testing environment
2022-07-30 09:08:10 +02:00
Bailey Bercik 231777eac8 Azure AD SecOps Guide 2022-07-29 19:27:31 +02:00
phantinuss 51db91352a fix: FP found in testing environment 2022-07-29 16:00:19 +02:00