Commit Graph

15089 Commits

Author SHA1 Message Date
frack113 5bd0b33a3b Add logsource definition 2022-10-25 14:16:08 +02:00
phantinuss 353e735caa add FP filter for MS Office 2022-10-25 14:15:08 +02:00
Nasreddine Bencherchali c4a89b3b44 Update proc_creation_win_susp_squirrel_lolbin.yml 2022-10-25 13:41:49 +02:00
phantinuss 325fae054a Merge pull request #3636 from phantinuss/master (fix: FP with new Aurora) 2022-10-25 12:56:30 +02:00
Nasreddine Bencherchali ef5f672a64 Update image_load_side_load_dbghelp_dll.yml 2022-10-25 12:48:52 +02:00
Nasreddine Bencherchali e14dedb3e3 Update image_load_side_load_dbghelp_dll.yml 2022-10-25 12:33:49 +02:00
Nasreddine Bencherchali 205cb7bc2e Update image_load_side_load_dbgcore_dll.yml 2022-10-25 12:30:35 +02:00
Nasreddine Bencherchali d85f085348 Update Code Integrity rule 2022-10-25 12:29:41 +02:00
Nasreddine Bencherchali 214ba4b2e2 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-10-25 12:27:43 +02:00
Nasreddine Bencherchali b42826bcdb Create win_codeintegrity_failed_driver_load.yml 2022-10-25 12:27:11 +02:00
Nasreddine Bencherchali 062acaad6b Add more DLLs for Sideloading 2022-10-25 12:22:29 +02:00
phantinuss c555b33314 fix: FP with new Aurora 2022-10-25 12:20:13 +02:00
frack113 dfdaecc52c Order yaml field 2022-10-25 12:00:56 +02:00
Nasreddine Bencherchali b07f843a5a Update proc_creation_win_susp_squirrel_lolbin.yml 2022-10-25 11:18:38 +02:00
frack113 8b749fb126 Order yaml field 2022-10-25 11:08:51 +02:00
frack113 5498621bbc Order yaml field 2022-10-25 10:08:58 +02:00
frack113 ad3a3e3b71 Order yaml field 4 (#3628) 2022-10-25 09:30:05 +02:00
frack113 11cb03181e Order yaml field 2022-10-25 08:53:44 +02:00
frack113 556dd8f400 Order yaml field 2022-10-25 07:34:10 +02:00
frack113 7b55972146 Order yaml field 2022-10-25 06:48:55 +02:00
Nasreddine Bencherchali 68ce6078ed Update win_codeintegrity_failed_dll_load.yml 2022-10-25 02:13:12 +02:00
Nasreddine Bencherchali f5c5c032c1 fix: fix more FP with CI rule 2022-10-25 02:03:25 +02:00
Nasreddine Bencherchali ec425c836d fix: fix FP with bonjour in CI rule 2022-10-25 01:55:08 +02:00
Nasreddine Bencherchali 1258eca847 fix: Fix typo in selection 2022-10-25 01:47:53 +02:00
Nasreddine Bencherchali ada1121447 Add Office Token Stealing Rules 2022-10-25 01:14:27 +02:00
Nasreddine Bencherchali cc1e7231c6 Create registry_set_disable_macroruntimescanscope.yml 2022-10-25 00:42:16 +02:00
Nasreddine Bencherchali 34e9f0530b Add Inveigh Rules 2022-10-24 22:57:48 +02:00
frack113 f78e9e9034 Add rule (Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>) 2022-10-24 17:52:05 +02:00
Nasreddine Bencherchali 3c9dd2a959 Update image_load_uipromptforcreds_dlls.yml 2022-10-24 13:45:10 +02:00
Nasreddine Bencherchali 87e8e7fa33 Create posh_ps_susp_service_dacl_modification_set_service.yml 2022-10-24 12:17:41 +02:00
Nasreddine Bencherchali 89e28d65d2 Update win_codeintegrity_failed_driver_load.yml 2022-10-24 12:05:50 +02:00
schatzimangou 612f66e8a0 Msiexec update in sigma rules 2022-10-24 08:18:25 +02:00
nasreddine.bencherchali@nextron-systems.com c6bd6ec489 Create proc_creation_win_susp_electron_app_children.yml 2022-10-24 01:04:43 +02:00
frack113 90aeea92bf Merge pull request #3615 from YamatoSecurity/update-win_audit_cve-rule (update win_audit_cve rule) 2022-10-22 09:50:26 +02:00
Yamato Security 544da5aabd update modified date 2022-10-22 09:34:49 +09:00
frack113 0865182271 Merge pull request #3619 from phantinuss/master (Fix Testing/Rules) 2022-10-21 18:30:48 +02:00
Florian Roth e9d7c3fdfc Merge pull request #3611 from nasbench/fix-false-positives (Fix FP In Testing) 2022-10-21 18:11:27 +02:00
frack113 af6c1ab3dd Update registry_set_taskcache_entry.yml 2022-10-21 18:05:06 +02:00
phantinuss 736ba904b0 fix: add new FP to whitelist, no tuning possible 2022-10-21 17:41:32 +02:00
phantinuss b44bced5ca enhance sigma rules tests 2022-10-21 17:29:34 +02:00
phantinuss f642bff744 fix: fix typos found by new check 2022-10-21 17:29:34 +02:00
phantinuss 5bf0c43984 fix: FPs in testing in connection to Aurora 2022-10-21 17:29:34 +02:00
phantinuss e52e5ebf03 add new malicious user agent strings 2022-10-21 17:29:34 +02:00
Florian Roth b8b6e0db91 Merge pull request #3616 from secDre4mer/master (fix: FP with conhost / csrss) 2022-10-21 13:46:28 +02:00
Max Altgelt c21904620d fix: FP with conhost / csrss 2022-10-21 13:26:59 +02:00
Yamato Security ed37137b7d update win_audit_cve rule 2022-10-21 19:51:33 +09:00
Florian Roth 7bb2832e0f Merge pull request #3613 from nasbench/nasbench-rule-devel (Rule Dev) 2022-10-21 08:57:43 +02:00
Florian Roth bdddb3945c Update proc_creation_win_lolbin_susp_wsl.yml 2022-10-21 08:55:51 +02:00
Florian Roth 0d9879506a Update registry_delete_removal_com_hijacking_registry_key.yml 2022-10-21 08:55:34 +02:00
Florian Roth 41ae5444c5 Update registry_set_asep_reg_keys_modification_currentversion.yml 2022-10-21 08:55:10 +02:00