Commit Graph

11789 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 9e3bbf5e71 fix: remove typo dash 2023-02-03 20:20:31 +01:00
Nasreddine Bencherchali d89e36247a fix: remove space from nltest rule 2023-02-03 20:18:16 +01:00
Nasreddine Bencherchali fc316d8638 feat: even more updates 2023-02-03 20:17:09 +01:00
Nasreddine Bencherchali b017bc5f88 fix: resolves #4005 2023-02-03 19:15:26 +01:00
Nasreddine Bencherchali 767fd84bd4 feat: more updates 2023-02-03 19:03:51 +01:00
Nasreddine Bencherchali 28a60a1eab fix: update reference link
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 18:47:43 +01:00
Florian Roth 791d3a8e9a Merge pull request #4006 from SigmaHQ/rule-devel
refactor: AV signature rules updated
2023-02-03 17:13:56 +01:00
Florian Roth 3f75cd0844 Update proc_creation_win_right_to_left_override.yml 2023-02-03 15:43:30 +01:00
Zeta 4cbc8f2ca1 Update Rundll32 execute VBscript command using Ordinal number 2023-02-03 21:43:05 +07:00
Florian Roth bf8c8604ce exchange the unicode char with the hex representation 2023-02-03 15:41:46 +01:00
Zeta ca5064cf00 update permalink 2023-02-03 21:30:14 +07:00
Florian Roth 619dada1c8 fix: short identifier that could cause FPs 2023-02-03 15:29:53 +01:00
Florian Roth 2b8b5f62f4 refactor: AV signature rules updated 2023-02-03 15:22:19 +01:00
Qasim Qlf 2519122a13 Update rules/windows/process_creation/proc_creation_win_regedit_import_keys_ads.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:12:36 +05:00
Qasim Qlf 469e2a1368 Update rules/windows/process_creation/proc_creation_win_tool_nircmd.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:02:10 +05:00
Qasim Qlf 119c74941f Update rules/windows/process_creation/proc_creation_win_termserv_proc_spawn.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:01:23 +05:00
Qasim Qlf 78419eb9cc Update rules/windows/process_creation/proc_creation_win_whoami_priv.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:00:51 +05:00
Qasim Qlf 5bd3aba86c Update proc_creation_win_python_pty_spawn.yml 2023-02-03 16:14:20 +05:00
Qasim Qlf 4d571872ec fix: condition 2023-02-03 15:57:29 +05:00
Qasim Qlf c794427246 fix: condition 2023-02-03 15:56:19 +05:00
Qasim Qlf 2d5bd84433 Update proc_creation_win_regedit_import_keys.yml 2023-02-03 15:54:59 +05:00
Qasim Qlf 733293993b fix: condition 2023-02-03 15:53:33 +05:00
Qasim Qlf 71c2be5507 Update proc_creation_win_whoami_priv.yml 2023-02-03 15:33:26 +05:00
Qasim Qlf 5505ff28d9 Update proc_creation_win_tool_nircmd.yml 2023-02-03 14:40:40 +05:00
Qasim Qlf 6279532a13 Update proc_creation_win_termserv_proc_spawn.yml 2023-02-03 14:34:34 +05:00
Qasim Qlf 18c4acce2d update: condition name 2023-02-03 14:34:09 +05:00
Zeta 45010540d7 proc_creation_win_susp_rundll32_script_run.yml
Fixed link and removed "RunHTMLApplication" because it can also be used with "Ordinal number".
2023-02-03 15:25:57 +07:00
Nasreddine Bencherchali fc818bbbdc feat: multiple updates and fixes 2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali 6c153bff3f Merge pull request #3995 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-02 21:40:21 +01:00
Nasreddine Bencherchali 8fc7f741d9 fix: apply escape suggestion
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 21:34:54 +01:00
Nasreddine Bencherchali b80a81aba8 fix: wrong escape
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 20:07:13 +01:00
Nasreddine Bencherchali 307ecf5694 fix: typos in titles and descriptions of rules
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali cbf114c9a8 fix: update wildcard selection 2023-02-02 10:53:59 +01:00
Nasreddine Bencherchali c68531e688 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-02 10:52:04 +01:00
Nasreddine Bencherchali d08acc18ae fix: add missing modified field 2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali 0663b4e3f4 feat: more updates 2023-02-02 00:24:35 +01:00
frack113 9ad58353a7 Update from review 2023-02-01 18:30:45 +01:00
frack113 c1ef84fd66 Merge remote-tracking branch 'upstream/master' into pr/3989 2023-02-01 18:27:51 +01:00
frack113 3d8b82805c Merge pull request #3992 from D4rkCiph3r/osacompile
Create proc_creation_macos_osacompile_run-only_execution.yml
2023-02-01 18:17:00 +01:00
frack113 f121041cf0 Merge pull request #3991 from D4rkCiph3r/macro-osa
Create proc_creation_macos_macros_execution.yml
2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali 55f16c3f84 fix: update metadata and logic 2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali d8b17f1d9f fix: add ref and update description 2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali 0cddb6194c Merge pull request #3993 from D4rkCiph3r/patch-1
feat: add new extension to osascript rule
2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali 04227055e4 fix: add reference 2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali ac85d5ebff Merge pull request #3997 from nasbench/update-nextron-authors
chore: add nextron authors tag
2023-02-01 17:07:25 +01:00
Micah Babinski 266d13d441 Re-added missing level 2023-02-01 07:38:24 -08:00
Micah Babinski f5e7db38a6 Added rule for RLO character in command line 2023-02-01 07:34:23 -08:00
Nasreddine Bencherchali 31a5c08480 fix: reduce author set 2023-02-01 14:34:46 +01:00
Nasreddine Bencherchali beebafe9ce fix: special case
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-01 13:22:11 +01:00