security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

15089 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth a11051447e Merge pull request #3948 from SigmaHQ/rule-devel 
doc: adding another reference
 2023-01-22 11:18:59 +01:00
Florian Roth e95f0d03b4 doc: adding another reference 2023-01-22 11:03:59 +01:00
Florian Roth 1820b04917 Merge pull request #3947 from SigmaHQ/rule-devel 
docs: authors extended
 2023-01-22 11:02:31 +01:00
Florian Roth f2d633ad1a docs: authors extended 2023-01-22 10:57:11 +01:00
Florian Roth 9739cb1c69 Merge pull request #3946 from SigmaHQ/rule-devel 
rule: susp svchost sub process
 2023-01-22 10:32:06 +01:00
frack113 2bd14e4953 Small update 
- Change service to audit
- Add operation
 2023-01-22 08:55:24 +01:00
Nasreddine Bencherchali f1c9112413 fix: update filename 2023-01-22 01:04:27 +01:00
Nasreddine Bencherchali a530e7ad36 fix: add more detail 2023-01-22 01:00:55 +01:00
Florian Roth 52a4985dce rule: susp svchost sub process 2023-01-21 23:45:22 +01:00
Nasreddine Bencherchali c427fd509f Merge pull request #3945 from nasbench/nasbench-rule-devel 
fix: fp with powercat
 2023-01-21 18:23:51 +01:00
Nasreddine Bencherchali ecaf89dd91 fix: fp with powercat 2023-01-21 18:15:37 +01:00
frack113 63045048e3 Merge pull request #3910 from cyb3rjy0t/patch-3 
ADS stored DLL execution using Rundll32
 2023-01-21 13:24:22 +01:00
Nasreddine Bencherchali 585f3a2f36 fix: update regex 2023-01-21 13:02:11 +01:00
Nasreddine Bencherchali 72fe5040f9 Merge pull request #3944 from nasbench/nasbench-rule-devel 
feat: new rules and fp fixes
 2023-01-21 12:46:46 +01:00
frack113 4df3a09ce8 Merge pull request #3943 from SigmaHQ/rule-devel 
Extended some rules with suspicious sub processes
 2023-01-21 12:37:29 +01:00
Nasreddine Bencherchali ae0fe8393e fix: optimize pwsh reg logging tamper rule 2023-01-21 12:28:28 +01:00
Nasreddine Bencherchali dfdc232f55 fix: optimize "Invoke-Sharp" coverage 2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali 7bce67f940 fix: file extension 2023-01-21 11:52:13 +01:00
Nasreddine Bencherchali 928e77881f feat: new rule related to psexec key file 2023-01-21 11:48:40 +01:00
Nasreddine Bencherchali 9ef8565556 fix: filename 2023-01-21 11:41:44 +01:00
Nasreddine Bencherchali 5416935cec feat: update logsource with new service 2023-01-21 11:33:48 +01:00
Nasreddine Bencherchali 9f3537498c fix: remove net 2023-01-21 11:28:27 +01:00
Nasreddine Bencherchali 2ad9d65f75 fix: filter and add missing modified 2023-01-21 11:26:13 +01:00
Nasreddine Bencherchali 933cd0df7d fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-21 11:23:17 +01:00
frack113 d16c756ee8 Merge pull request #3936 from nikitah4x/master 
Add new rule to detect a new admin role assignment in Okta
 2023-01-21 11:12:44 +01:00
Florian Roth 9aeb191999 Merge branch 'master' into rule-devel 2023-01-21 08:55:12 +01:00
Florian Roth 8c14f9cddb Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2023-01-21 08:55:06 +01:00
Florian Roth 18600eaef4 refactor: extended some exploitation rules - sub procs 
https://twitter.com/skept1kal/status/1616647571904020481
 2023-01-21 08:55:04 +01:00
Micah Babinski f5197d20d1 Reformulated rule. 2023-01-20 13:41:56 -08:00
z00t 9cc61a6e60 Single quotes added to non-integer values. 2023-01-20 23:28:23 +05:00
z00t 44a7b78950 New Rule is created. 2023-01-20 23:09:56 +05:00
z00t e27d79e21a New detection rule. 2023-01-20 21:29:31 +05:00
Nasreddine Bencherchali ea536c33b3 feat: update and merge some pwsh rules 2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali 5710475311 feat: update pwsh reg logging tamper 2023-01-20 16:19:50 +01:00
Nasreddine Bencherchali 4c5f7bc4c7 Merge pull request #3941 from nasbench/nasbench-rule-devel 
fix: filter fp found in testing
 2023-01-20 16:17:18 +01:00
nikitah4x 8015b445fd Update okta_admin_role_assignment_created.yml 2023-01-20 15:47:36 +02:00
nikitah4x 411b1a44e7 Update rules/cloud/okta/okta_admin_role_assignment_created.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-01-20 15:42:22 +02:00
nikitah4x a25fdddb0d Update rules/cloud/okta/okta_admin_role_assignment_created.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-01-20 15:42:15 +02:00
nikitah4x 44a3371d8a Update rules/cloud/okta/okta_admin_role_assignment_created.yml 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-01-20 15:41:32 +02:00
z00t cc511af55e Create github_delete action_invoked.yaml 2023-01-20 18:14:14 +05:00
Nasreddine Bencherchali 9fe829af52 feat: new rules related to CVE-2022-44877 2023-01-20 13:51:17 +01:00
Nasreddine Bencherchali ef0c3d35c4 fix: filter fp found in testing 2023-01-20 11:39:08 +01:00
Nasreddine Bencherchali a98698f6a8 fix: apply suggestions from code review 2023-01-20 10:04:48 +01:00
Nasreddine Bencherchali bfcbc1adbc Merge pull request #3937 from nasbench/nasbench-rule-devel 
feat: fp fixes and enhancements
 2023-01-20 10:03:54 +01:00
Nasreddine Bencherchali f9aa98b438 Merge pull request #3939 from tropChaud/patch-2 
Update and rename proc_creation_win_sqlite_firefox_cookies.yml to pro…
 2023-01-20 10:03:40 +01:00
Nasreddine Bencherchali 3a69160fc7 Merge pull request #3938 from tropChaud/patch-1 
Update and rename proc_creation_win_sqlite_chrome_cookies.yml to proc…
 2023-01-20 10:02:43 +01:00
frack113 6de42e0996 Update proc_creation_win_sqlite_firefox_gecko_profile_data.yml 2023-01-20 09:57:09 +01:00
Nasreddine Bencherchali 4d44aa01dd fix: update description 2023-01-20 09:51:26 +01:00
Nasreddine Bencherchali 51b5f6883b fix: update description 2023-01-20 09:51:15 +01:00
Nasreddine Bencherchali 6d6721ba24 fix: reposition selection for readability 2023-01-20 09:46:24 +01:00