15089 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 412efdad03 fix: update selection 2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali 164ee358c3 fix: update modified date 2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali 6a337151d1 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 17:11:18 +01:00
Feathers 8f6242c35f Update proc_creation_lnx_hack_tools.yml
added to the list of hacking tools, Linpeas, a privilege escalation script
2023-01-31 17:01:17 +01:00
D4rkCiph3r 596f5471f4 Merge branch 'SigmaHQ:master' into osacompile 2023-01-31 19:22:47 +05:30
D4rkCiph3r ce577987a2 Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml 2023-01-31 19:20:06 +05:30
D4rkCiph3r c3b826a76c Update proc_creation_macos_applescript.yml
minor updates to the CLI parameters, based on real-world observations
2023-01-31 19:16:15 +05:30
Nasreddine Bencherchali 3f8bd9f51f fix: further improve detection section 2023-01-31 14:35:09 +01:00
D4rkCiph3r 440649b087 Create proc_creation_macos_osacompile_run-only_execution.yml 2023-01-31 19:03:35 +05:30
D4rkCiph3r 4c28487480 New Rule for T1115 macOS (#3988)
feat: add new rule related to osascript reading clipboard
2023-01-31 14:32:08 +01:00
Nasreddine Bencherchali 995bf1a725 Merge pull request #3979 from nasbench/nasbench-rule-devel
feat: multiple updates and enhancements
2023-01-31 14:30:31 +01:00
Nasreddine Bencherchali 2f6d1f042c fix: update detection section 2023-01-31 14:28:11 +01:00
Nasreddine Bencherchali 34eddd3c31 Merge pull request #3985 from qasimqlf/patch-25
fix: optimize detection logic
2023-01-31 14:25:20 +01:00
D4rkCiph3r e4ace3d363 Create proc_creation_macos_macros_execution.yml 2023-01-31 18:48:03 +05:30
Qasim Qlf dab39e199c Update proc_creation_win_purplesharp_indicators.yml 2023-01-31 18:15:06 +05:00
Nasreddine Bencherchali 33952874f1 fix: update selection 2023-01-31 14:14:50 +01:00
frack113 8b321ba0b2 Order root rules folder 2023-01-31 14:05:08 +01:00
frack113 dfe448aba6 Merge pull request #3983 from qasimqlf/patch-24
fix: value
2023-01-31 13:50:02 +01:00
frack113 93f9f1b5f3 Merge pull request #3987 from qasimqlf/patch-27
fix: selection
2023-01-31 13:46:35 +01:00
frack113 9249996504 Update proc_creation_win_lolbin_pktmon.yml 2023-01-31 13:41:54 +01:00
frack113 38cad68b51 Merge pull request #3982 from qasimqlf/patch-23
fix: condition
2023-01-31 13:38:50 +01:00
frack113 67cf2bc4d1 Merge pull request #3981 from qasimqlf/patch-22
fix: value
2023-01-31 13:38:17 +01:00
D4rkCiph3r 21ac747d36 Update proc_creation_macos_jxa_payoad_execution.yml
updated the formats wrt fields structuring
2023-01-31 17:35:27 +05:30
D4rkCiph3r 98250cba9c Create proc_creation_macos_jxa_payoad_execution.yml 2023-01-31 17:23:24 +05:30
Nasreddine Bencherchali 4006145b8d fix: filename 2023-01-31 12:53:04 +01:00
Nasreddine Bencherchali eb26d94c14 fix: order fields and optimize selection 2023-01-31 12:42:20 +01:00
Nasreddine Bencherchali e158d6c1eb feat: add shadow file 2023-01-31 12:25:33 +01:00
D4rkCiph3r f67072fddc Update proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:54:29 +05:30
D4rkCiph3r 87879f69cf Update proc_creation_macos_jxa_in-memory_execution.yml
Indentation corrections and comments
2023-01-31 16:52:17 +05:30
D4rkCiph3r aa3fa9b7e4 Create proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:06:39 +05:30
Nasreddine Bencherchali 6941d14ce0 fix: revert related field for deprecated rules 2023-01-31 11:25:07 +01:00
Nasreddine Bencherchali 29c2d6e8e4 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-01-31 11:16:29 +01:00
Nasreddine Bencherchali cbff9dee99 fix: update selections 2023-01-31 11:10:53 +01:00
Nasreddine Bencherchali f2643c6043 Merge pull request #3940 from mbabinski/master
feat: add external remote service logon from public IP rule.
2023-01-31 11:04:50 +01:00
Qasim Qlf 6142fe6c59 fix: selection 2023-01-31 14:59:57 +05:00
Nasreddine Bencherchali 2817c6085c feat: add cidr modifier to the test 2023-01-31 10:58:29 +01:00
Nasreddine Bencherchali 12be5dbf42 fix: apply suggestions from code review 2
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 10:57:41 +01:00
Qasim Qlf 1be917f696 fix: optimize detection logic 2023-01-31 14:35:51 +05:00
Qasim Qlf d52db9c541 fix: value 2023-01-31 13:02:08 +05:00
Qasim Qlf c9b693e4a0 fix: condition 2023-01-31 12:50:28 +05:00
Qasim Qlf e1913adfc5 fix: value 2023-01-31 12:25:32 +05:00
frack113 9e51af56ca Merge pull request #3974 from MarkMorow/master
Update tags for MITRE ATT&CK
2023-01-31 07:34:34 +01:00
Nasreddine Bencherchali 6a65920dd6 feat: new rules from blackberry 2023-01-31 00:38:06 +01:00
Nasreddine Bencherchali c8cd7ea070 fix: add missing modified for deprecated rules 2023-01-30 21:04:46 +01:00
frack113 590813c2ba Apply suggestions from code review
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-01-30 20:58:43 +01:00
Nasreddine Bencherchali e6c155442f feat: multiple updates and enhancements 2023-01-30 20:02:45 +01:00
Florian Roth b3c1c2bb24 Merge pull request #3978 from qasimqlf/patch-21
fix: condition
2023-01-30 17:11:46 +01:00
Qasim Qlf 2ac3f5c797 fix: condition 2023-01-30 19:13:11 +05:00
phantinuss 6d377cfb66 Merge pull request #3970 from frack113/issue_3968
proc_creation_win_copy_browser_data fix FP
2023-01-30 10:57:56 +01:00
Nasreddine Bencherchali 92a23276cf Merge pull request #3972 from frack113/hijacklibs
feat: add additional new dlls for abuse from hijacklibs
2023-01-30 10:49:11 +01:00