Commit Graph

11789 Commits

Author SHA1 Message Date
phantinuss 08b801aaff fix: FPs with IPv6 addresses 2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Qasim Qlf f7e2fc1682 Update proc_creation_win_vul_java_remote_debugging.yml 2023-02-01 11:02:57 +05:00
frack113 cd58c1baef fix title case 2023-02-01 06:35:26 +01:00
Nasreddine Bencherchali 9c0eae7590 fix: remove kerberos generic filters 2023-01-31 22:18:32 +01:00
Nasreddine Bencherchali 3e24998fe1 feat: add add-appxpackage cmdlet rules 2023-01-31 22:11:32 +01:00
frack113 2b198b7c32 Merge pull request #3971 from frack113/order_rule_folder
Order root rules folder
2023-01-31 21:05:28 +01:00
frack113 00d731bcb5 Merge pull request #3990 from qasimqlf/patch-28
Update proc_creation_win_purplesharp_indicators.yml
2023-01-31 17:49:01 +01:00
frack113 26575cc2e0 Update proc_creation_macos_applescript.yml 2023-01-31 17:46:43 +01:00
frack113 66700a69e2 Merge pull request #3994 from ionsor/patch-8
Update proc_creation_lnx_hack_tools.yml
2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali 55bf797563 fix: selection again 2023-01-31 17:40:17 +01:00
Nasreddine Bencherchali 97f35b7a4d Merge pull request #3980 from nasbench/blackberry-rules-cti-2023
feat: new rules from blackberry
2023-01-31 17:23:24 +01:00
Nasreddine Bencherchali 2684f0f63c fix: remove unnecessary entry 2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali 412efdad03 fix: update selection 2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali 164ee358c3 fix: update modified date 2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali 6a337151d1 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 17:11:18 +01:00
Feathers 8f6242c35f Update proc_creation_lnx_hack_tools.yml
added to the list of hacking tools, Linpeas, a privilege escalation script
2023-01-31 17:01:17 +01:00
D4rkCiph3r 596f5471f4 Merge branch 'SigmaHQ:master' into osacompile 2023-01-31 19:22:47 +05:30
D4rkCiph3r ce577987a2 Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml 2023-01-31 19:20:06 +05:30
D4rkCiph3r c3b826a76c Update proc_creation_macos_applescript.yml
minor updates to the CLI parameters, based on real-world observations
2023-01-31 19:16:15 +05:30
Nasreddine Bencherchali 3f8bd9f51f fix: further improve detection section 2023-01-31 14:35:09 +01:00
D4rkCiph3r 440649b087 Create proc_creation_macos_osacompile_run-only_execution.yml 2023-01-31 19:03:35 +05:30
D4rkCiph3r 4c28487480 New Rule for T1115 macOS (#3988)
feat: add new rule related to osascript reading clipboard
2023-01-31 14:32:08 +01:00
Nasreddine Bencherchali 995bf1a725 Merge pull request #3979 from nasbench/nasbench-rule-devel
feat: multiple updates and enhancements
2023-01-31 14:30:31 +01:00
Nasreddine Bencherchali 2f6d1f042c fix: update detection section 2023-01-31 14:28:11 +01:00
Nasreddine Bencherchali 34eddd3c31 Merge pull request #3985 from qasimqlf/patch-25
fix: optimize detection logic
2023-01-31 14:25:20 +01:00
D4rkCiph3r e4ace3d363 Create proc_creation_macos_macros_execution.yml 2023-01-31 18:48:03 +05:30
Qasim Qlf dab39e199c Update proc_creation_win_purplesharp_indicators.yml 2023-01-31 18:15:06 +05:00
Nasreddine Bencherchali 33952874f1 fix: update selection 2023-01-31 14:14:50 +01:00
frack113 8b321ba0b2 Order root rules folder 2023-01-31 14:05:08 +01:00
frack113 dfe448aba6 Merge pull request #3983 from qasimqlf/patch-24
fix: value
2023-01-31 13:50:02 +01:00
frack113 93f9f1b5f3 Merge pull request #3987 from qasimqlf/patch-27
fix: selection
2023-01-31 13:46:35 +01:00
frack113 9249996504 Update proc_creation_win_lolbin_pktmon.yml 2023-01-31 13:41:54 +01:00
frack113 38cad68b51 Merge pull request #3982 from qasimqlf/patch-23
fix: condition
2023-01-31 13:38:50 +01:00
frack113 67cf2bc4d1 Merge pull request #3981 from qasimqlf/patch-22
fix: value
2023-01-31 13:38:17 +01:00
D4rkCiph3r 21ac747d36 Update proc_creation_macos_jxa_payoad_execution.yml
updated the formats wrt fields structuring
2023-01-31 17:35:27 +05:30
D4rkCiph3r 98250cba9c Create proc_creation_macos_jxa_payoad_execution.yml 2023-01-31 17:23:24 +05:30
Nasreddine Bencherchali 4006145b8d fix: filename 2023-01-31 12:53:04 +01:00
Nasreddine Bencherchali eb26d94c14 fix: order fields and optimize selection 2023-01-31 12:42:20 +01:00
Nasreddine Bencherchali e158d6c1eb feat: add shadow file 2023-01-31 12:25:33 +01:00
D4rkCiph3r f67072fddc Update proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:54:29 +05:30
D4rkCiph3r 87879f69cf Update proc_creation_macos_jxa_in-memory_execution.yml
Indentation corrections and comments
2023-01-31 16:52:17 +05:30
D4rkCiph3r aa3fa9b7e4 Create proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:06:39 +05:30
Nasreddine Bencherchali 29c2d6e8e4 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-31 11:16:29 +01:00
Nasreddine Bencherchali cbff9dee99 fix: update selections 2023-01-31 11:10:53 +01:00
Nasreddine Bencherchali f2643c6043 Merge pull request #3940 from mbabinski/master
feat: add external remote service logon from public IP rule.
2023-01-31 11:04:50 +01:00
Qasim Qlf 6142fe6c59 fix: selection 2023-01-31 14:59:57 +05:00
Nasreddine Bencherchali 12be5dbf42 fix: apply suggestions from code review 2
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 10:57:41 +01:00
Qasim Qlf 1be917f696 fix: optimize detection logic 2023-01-31 14:35:51 +05:00
Qasim Qlf d52db9c541 fix: value 2023-01-31 13:02:08 +05:00