security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

15089 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nasreddine Bencherchali a8472bf4df fix: add missing selection 2022-12-09 19:13:59 +01:00
Nasreddine Bencherchali fa1cbb314a feat: more updates to etw tamper rules 2022-12-09 19:09:24 +01:00
Nasreddine Bencherchali 7c7057d9d3 fix: rename .net etw tamper rules 2022-12-09 18:06:58 +01:00
Nasreddine Bencherchali 89e44d46cb feat: update .net etw tamper rules 2022-12-09 18:06:20 +01:00
Nasreddine Bencherchali 14d174e218 feat: update rules related to dll sideloading 2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali cde2bdfc22 fix: fix typo in fieldname and close #2101 2022-12-09 17:11:03 +01:00
Nasreddine Bencherchali 9f346ce7d1 fix: typo in rule filename 2022-12-09 16:41:36 +01:00
Nasreddine Bencherchali 1143ec85b4 feat: enhance pssnapin rule 2022-12-09 16:38:32 +01:00
Nasreddine Bencherchali 559b4c4e97 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-12-09 13:41:21 +01:00
Nasreddine Bencherchali ac706c5f56 Merge pull request #3771 from SigmaHQ/aurora-false-positive-fixing 
fix: FPs with Important Scheduled Task Deleted
 2022-12-09 13:39:16 +01:00
Florian Roth 356ab98ada fix: FPs with Important Scheduled Task Deleted 2022-12-09 12:55:41 +01:00
Nasreddine Bencherchali 0783d6df22 feat: update Lsass-Shtinkering rules 2022-12-09 12:22:50 +01:00
Nasreddine Bencherchali 7cd15d0bc1 fix: update metadata 2022-12-09 10:34:06 +01:00
Nasreddine Bencherchali 6f6cb9648d fix: fp found in testing 2022-12-09 10:33:52 +01:00
Nasreddine Bencherchali a0e8019780 fix: issue raised by PR #3769 2022-12-09 10:33:33 +01:00
Qasim Qlf fb8e0894b0 fix: condition 2022-12-09 13:42:49 +05:00
Florian Roth 4013ee645e Merge pull request #3767 from qasimqlf/patch-14 
Added more FPs
 2022-12-09 09:07:17 +01:00
Florian Roth 9afbf6d530 Merge pull request #3769 from qasimqlf/patch-15 
Fix the filter
 2022-12-09 09:07:04 +01:00
Florian Roth 30ca3019e4 Merge pull request #3761 from nasbench/nasbench-rule-devel 
feat: new rules and general updates
 2022-12-09 09:06:36 +01:00
Thomas Patzke 51d4239345 Merge pull request #3768 from SigmaHQ/dependabot/pip/certifi-2022.12.7 
chore(deps): bump certifi from 2021.5.30 to 2022.12.7
 2022-12-09 07:46:28 +01:00
Qasim Qlf 868be248dd Fix the filter 2022-12-09 11:27:28 +05:00
dependabot[bot] ab18539fce chore(deps): bump certifi from 2021.5.30 to 2022.12.7 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2021.5.30 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases)
- [Commits](https://github.com/certifi/python-certifi/compare/2021.05.30...2022.12.07)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-09 05:18:26 +00:00
BlueTeamOps 47b5272fcd Create azure_ad_azurehound_discovery.yml (#3762) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-08 20:21:02 +01:00
Nasreddine Bencherchali fa318243c2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-08 19:22:11 +01:00
Florian Roth e78cb13cfd Merge pull request #3764 from pbssubhash/master 
Detection for LSASS Shtinkering
 2022-12-08 17:36:18 +01:00
Florian Roth 63d3533a4a Merge pull request #3766 from nasbench/enhance-single-item-list-test 
feat: enhance single item lists test
 2022-12-08 17:35:19 +01:00
Florian Roth ece1d01038 fix: syntax error, additional comma 2022-12-08 17:34:56 +01:00
Qasim Qlf c18f634c02 Added more FPs 2022-12-08 21:08:01 +05:00
Nasreddine Bencherchali 80ef3b70dc fix: broken single item lists 2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali c560baf673 feat: enhance test 2022-12-08 16:23:48 +01:00
Nasreddine Bencherchali 5337eaa48f Merge pull request #3765 from nasbench/enhance-unused-selection-test 
feat: enhance unused selection test
 2022-12-08 14:17:44 +01:00
Nasreddine Bencherchali 18c3c8528d fix: remove tamper protection value 2022-12-08 12:13:14 +01:00
Nasreddine Bencherchali 0567ca8ca3 fix: fix unused selection 2022-12-08 11:57:40 +01:00
Nasreddine Bencherchali 2506d29bc9 feat: add more checks for the test 2022-12-08 11:57:26 +01:00
Nasreddine Bencherchali bfcdcf2b9c fix: remove fp filter 2022-12-08 11:44:59 +01:00
Nasreddine Bencherchali edc99c92a2 fix: enhance rules related to Lsass-Shtinkering 2022-12-08 11:02:56 +01:00
pbssubhash bea46b2b9e Update to modify FP and UUID 2022-12-08 12:13:25 +05:30
pbssubhash 4bb1df9f6e Update to remove FP 2022-12-08 12:03:02 +05:30
pbssubhash 9ea5fac51c Update proc_creation_lsass_shtinkering.yml 2022-12-08 11:56:40 +05:30
pbssubhash d393b57c36 Detection for LSASS Shtinkering 2022-12-08 11:49:53 +05:30
Nasreddine Bencherchali f12975bc6b fix: update description 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2022-12-07 22:34:56 +01:00
Nasreddine Bencherchali b1a657b7de fix: add spaces to avoid fp with other keys 2022-12-07 22:27:27 +01:00
Nasreddine Bencherchali 8482d33708 fix: add rule to fp filter 2022-12-07 22:27:14 +01:00
Nasreddine Bencherchali 9a5a0fed20 feat: update test to include more cases 2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali b59566ad0f fix: fix FP found in testing 2022-12-07 11:52:38 +01:00
BlueTeamOps 1e3b4ad895 Merge branch 'SigmaHQ:master' into master 2022-12-07 21:09:43 +11:00
Nasreddine Bencherchali 1d749cee54 fix: duplicate id 2022-12-07 02:44:31 +01:00
Nasreddine Bencherchali 899b1606f8 fix: duplicate id 2022-12-07 02:38:19 +01:00
Nasreddine Bencherchali a425ef65e5 feat: update metadata and add more cases for rules 2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali a7bfb349ee fix: fix fp found in testing 2022-12-07 02:25:52 +01:00