Commit Graph

15089 Commits

Author SHA1 Message Date
frack113 d8a7228c68 Add MicrosoftRedirectionURL 2023-03-05 15:10:18 +01:00
Florian Roth 559b7b4bf9 Merge pull request #4090 from fukusuket/fix-modifier-endswith-typo
fix `endswith` modifier typo
2023-03-04 12:52:41 +01:00
fukusuket 8b5a254d4f fix: update modified 2023-03-04 20:40:48 +09:00
fukusuket d0e1bd5cfa fix endswith typo 2023-03-04 20:36:28 +09:00
frack113 fe96795c34 Merge pull request #4089 from fukusuket/fix-deprecated-status-typo
fix: `deprecated` status typo
2023-03-04 08:36:30 +01:00
fukusuket 1896aee5cb update modified 2023-03-04 16:07:17 +09:00
fukusuket 31e14f8b63 fix status typo 2023-03-04 16:06:45 +09:00
Nasreddine Bencherchali e0b3137514 Update Pipfile.lock 2023-03-03 15:44:50 +01:00
frack113 05e1d235e7 Merge pull request #4086 from frack113/auto_lf
Normalize LF
2023-03-03 11:29:22 +01:00
frack113 0afaada946 Update .gitattributes
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-03 11:16:59 +01:00
Nasreddine Bencherchali 4439d85ea5 chore: renames with new sigma convention 2023-03-03 00:21:25 +01:00
frack113 fb755788ab Normalize LF 2023-03-02 17:52:48 +01:00
Nasreddine Bencherchali a93853bd20 Merge pull request #4082 from nasbench/nasbench-rule-devel
feat: update and fixes
2023-03-02 13:46:29 +01:00
Nasreddine Bencherchali eae48afc53 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-03-01 19:10:50 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 46671f0905 Merge pull request #4085 from markus-nclose/master
feat: enhance renamed binaries rule with reg.exe
2023-03-01 14:13:53 +01:00
Nasreddine Bencherchali bd9f82efa2 Merge pull request #4084 from nasbench/master
chore: rollback previous state of the rule
2023-03-01 14:12:46 +01:00
Nasreddine Bencherchali 8649d31048 fix: update modified field 2023-03-01 13:52:03 +01:00
markus-nclose 5d7fe8823b Add reg.exe
Reg.exe for Qakbot defense evasion.
https://github.com/pr0xylife/Qakbot/blob/main/Qakbot_BB17_28.02.2023.txt
xcopy  C:\Windows\\\\\\system32\\\\\\reg.exe C:\Users\Admin\AppData\Local\Temp\glanduleHoratory.exe /h /s /e
2023-03-01 13:27:59 +02:00
Nasreddine Bencherchali 3c425a0b03 Merge branch 'SigmaHQ:master' into master 2023-02-28 21:10:47 +01:00
Nasreddine Bencherchali 1950fd389a fix: rollback previous state of the rule 2023-02-28 21:10:08 +01:00
Nasreddine Bencherchali b584dd198e Merge pull request #4074 from pfpt-dmiller/patch-1
feat: add new dns rule related to socgholish c2
2023-02-28 18:28:56 +01:00
Nasreddine Bencherchali f5f6ec3e64 fix: update modifiers
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-28 18:27:41 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 1353d57485 fix: issues with CICD 2023-02-28 15:59:13 +01:00
Nasreddine Bencherchali 5689263f30 fix: add missing modified 2023-02-28 15:44:37 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 2234b7d180 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-28 12:34:41 +01:00
Nasreddine Bencherchali 6633ba56c4 Merge pull request #4081 from phantinuss/master
fix: FP found in testing environment
2023-02-28 12:25:05 +01:00
phantinuss b61ec0d515 restrict System process using PID
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-02-28 12:16:55 +01:00
phantinuss 8cf0de3776 fix: FP found in testing environment 2023-02-28 10:22:47 +01:00
Nasreddine Bencherchali 7f18403f51 Merge pull request #4077 from frack113/firewall
feat: add win_firewall_as_add_rule_susp_folder
2023-02-27 21:26:39 +01:00
frack113 506e124135 Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:36:44 +01:00
frack113 ca5cde25aa Update win_firewall_as_add_rule_susp_folder.yml 2023-02-27 17:25:27 +01:00
Nasreddine Bencherchali e10353e59a Merge pull request #4080 from phantinuss/master
chore: remove unnecessary provider_name filter for security log
2023-02-27 16:47:48 +01:00
Nasreddine Bencherchali 2a9a842083 Update rules/windows/dns_query/dns_query_win_malware_socgholish_second_stage_c2.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-27 15:23:07 +01:00
Gude5 39928d2cdf feat: update del related detection (#4046) 2023-02-27 15:19:28 +01:00
Nasreddine Bencherchali d3b7b69c59 Update dns_query_win_malware_socgholish_second_stage_c2.yml 2023-02-27 13:29:53 +01:00
Nasreddine Bencherchali 9f591a3a9a fix: update category
Update rule category to reflect the fields
2023-02-27 13:24:10 +01:00
Nasreddine Bencherchali 737525227f fix: update logsource.json 2023-02-27 13:20:29 +01:00
Nasreddine Bencherchali 9f229069b2 Update dns_query_win_malware_socgholish_second_stage_c2.yml 2023-02-27 13:13:44 +01:00
Nasreddine Bencherchali 3bd9f844b5 fix: update metadata and logic 2023-02-27 13:11:27 +01:00
phantinuss 6e1853cd1a chore: remove unnecessary provider_name filter for security log 2023-02-27 13:04:39 +01:00
Nasreddine Bencherchali 40f587b63d feat: more renames 2023-02-27 13:01:52 +01:00
sai prashanth pulisetti 46ed735d4a feat: add co-author to posh_pc_abuse_nslookup_with_dns_records.yml (#4079) 2023-02-27 12:16:55 +01:00
Nasreddine Bencherchali c533f8fcf2 fix: typos and title 2023-02-27 11:37:52 +01:00
Nasreddine Bencherchali 6a86ce9f63 Merge pull request #4078 from frack113/cw_script
feat: update cscript/wscript detection
2023-02-27 11:34:09 +01:00
frack113 d7e8407d0d Update detection 2023-02-26 16:28:46 +01:00
frack113 d29474079d Add win_firewall_as_add_rule_susp_folder 2023-02-26 15:50:17 +01:00
Nasreddine Bencherchali 8b7eb565aa Merge pull request #4076 from nasbench/unsupported-pipe-notation-rules
chore: update pipe-notation rules status to unsupported
2023-02-24 20:41:49 +01:00