Commit Graph

15089 Commits

Author SHA1 Message Date
Florian Roth d209219192 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 09:55:44 +01:00
phantinuss efbe16afe3 fix: use all filter selections 2022-11-01 09:08:25 +01:00
Nasreddine Bencherchali 0aff47946d Fix FP 2022-11-01 01:05:42 +01:00
Florian Roth 850d0edf80 Update proc_creation_win_susp_rundll32_by_ordinal.yml 2022-11-01 00:16:17 +01:00
Nasreddine Bencherchali a936332a1c Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 21:06:15 +01:00
Nasreddine Bencherchali 96b7303a31 New Rules 2022-10-31 20:59:33 +01:00
Nasreddine Bencherchali 97d927a637 Add more lolbins 2022-10-31 20:57:57 +01:00
Nasreddine Bencherchali fb50c78531 Optimize selection 2022-10-31 20:57:48 +01:00
Nasreddine Bencherchali e8f10733e0 Add browsers 2022-10-31 20:57:22 +01:00
Nasreddine Bencherchali a6445a9051 Update proc_creation_win_susp_regsvr32_image.yml 2022-10-31 20:56:44 +01:00
Nasreddine Bencherchali 36b9716b27 Update proc_creation_win_esentutl_webcache.yml 2022-10-31 20:56:29 +01:00
frack113 bb94f814af Update image_load_susp_vss_ps_load.yml 2022-10-31 20:24:22 +01:00
frack113 2469d525c1 Update image_load_susp_vss_dll_load.yml 2022-10-31 20:17:15 +01:00
frack113 5d3275aaca Merge branch 'master' into DeleteShadowCopies 2022-10-31 19:43:23 +01:00
frack113 a1fef566bd update filter image 2022-10-31 19:40:07 +01:00
frack113 f27ddc8a0f Update rules/windows/image_load/image_load_susp_vss_dll_load.yml (Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>) 2022-10-31 19:33:13 +01:00
frack113 20ef4b880c Exclude SetupFrontEnd.exe 2022-10-31 18:49:53 +01:00
frack113 92ffbff5dc Add image_load_susp_vss_dll_load 2022-10-31 18:40:46 +01:00
Florian Roth ce750aba9c fix: wrong condition 2022-10-31 17:38:04 +01:00
Florian Roth 1bff9dc013 Merge branch 'master' into rule-devel 2022-10-31 15:55:35 +01:00
Florian Roth 493144a3b3 Raccoon stealer UAs 2022-10-31 15:55:28 +01:00
Florian Roth b17777751e Merge branch 'master' into aurora-false-positive-fixing 2022-10-31 15:53:53 +01:00
securepeacock f6acf8e4cc Update lnx_shell_priv_esc_prep.yml (Added ip6tables) 2022-10-31 09:38:45 -04:00
phantinuss 743ebf08f7 Merge pull request #3660 from qasimqlf/patch-10 (Title Fix) 2022-10-31 11:53:46 +01:00
Florian Roth 711844ea93 fix: Visual Studio Builds 2022-10-31 11:48:24 +01:00
phantinuss 8c2b14a7ab Merge pull request #3661 from phantinuss/master (FP fixes) 2022-10-31 11:44:39 +01:00
phantinuss 0d63c5a4ff fix: modified should change on title changes (https://github.com/SigmaHQ/sigma/wiki/Rule-Creation-Guide#date) 2022-10-31 11:44:16 +01:00
phantinuss a20789cc49 Merge pull request #3654 from SigmaHQ/aurora-false-positive-fixing (fix: FP with Code Integrity Attempted DLL Load) 2022-10-31 11:35:56 +01:00
phantinuss 1f9a833b9b fix: no modified date for changes on meta data 2022-10-31 11:34:08 +01:00
phantinuss 2788fba40d fix: FPs found with Aurora 2022-10-31 11:31:30 +01:00
Qasim Qlf b3c0301bde Title Fix 2022-10-31 15:23:05 +05:00
phantinuss 91af76417b fix: new code integrity offenders 2022-10-31 11:13:56 +01:00
Florian Roth 48bf635acd Merge pull request #3659 from bohops/master (Add vsls-agent lolbin rule) 2022-10-31 10:08:25 +01:00
frack113 095bc89545 Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml (change to LF) 2022-10-31 08:49:16 +01:00
frack113 5c416e94cf Update proc_creation_win_susp_vslsagent_agentextensionpath_load.yml 2022-10-31 08:20:41 +01:00
bohops c0e98d352a Add vsls-agent lolbin rule 2022-10-30 17:06:37 -04:00
Florian Roth 897580f294 Update win_codeintegrity_attempted_dll_load.yml 2022-10-29 09:52:36 +02:00
frack113 c1c4ef0f9c Merge pull request #3655 from nasbench/nasbench-rule-devel (Rule Dev) 2022-10-29 09:39:12 +02:00
frack113 15d7855c1c Merge pull request #3656 from nasbench/fix-false-positives (fix: FP with dbgcore and dbghelp) 2022-10-29 09:38:05 +02:00
Mustafa Kaan Demir 27822a0827 DomainPasswordSpray Attacks Rule 2022-10-29 09:36:40 +02:00
Nasreddine Bencherchali ff3d576a1a Fix small typos 2022-10-28 23:51:43 +02:00
Nasreddine Bencherchali 9c10585a34 fix: fix fp in testing 2022-10-28 18:11:30 +02:00
Nasreddine Bencherchali fd256717b0 Update proc_creation_win_msiexec_install_quiet.yml 2022-10-28 18:03:47 +02:00
Nasreddine Bencherchali 012e10a8be Update proc_creation_win_raspberry_robin_single_dot_ending_file.yml 2022-10-28 17:51:46 +02:00
Nasreddine Bencherchali ae2f3ea66d Add examples 2022-10-28 17:51:26 +02:00
Nasreddine Bencherchali d6e076658d Update after merge 2022-10-28 17:42:57 +02:00
Nasreddine Bencherchali c21524b249 Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2022-10-28 17:37:54 +02:00
Nasreddine Bencherchali 761bf551b1 Add more system processes 2022-10-28 17:25:53 +02:00
Nasreddine Bencherchali bb8d7b3414 Add more suspicious extensions 2022-10-28 17:25:41 +02:00
Nasreddine Bencherchali 3cb577ddfc Raspberry Robin Related Rules 2022-10-28 17:25:25 +02:00