Borna Talebi
b984d52c65
Fixing conditions
2022-09-16 00:32:47 +04:30
Florian Roth
2fe25f3c80
rule: sharpersist usage
2022-09-15 16:50:34 +02:00
Borna Talebi
0e7085bee5
Update posh_ps_add_dnsclient_rule.yml
2022-09-14 23:23:58 +04:30
Borna Talebi
227c2f6bb9
Update posh_ps_add_dnsclient_rule.yml
2022-09-14 23:11:52 +04:30
Borna Talebi
d078d47360
New Rule: Windows DNS Client Rule
2022-09-14 22:32:35 +04:30
nasreddine.bencherchali@nextron-systems.com
eb4247fdb4
Add missing modified field
2022-09-14 15:03:50 +02:00
krestinichev
02cfd972ed
Add files via upload
2022-09-14 15:37:51 +03:00
nasreddine.bencherchali@nextron-systems.com
653ad66f21
Updates
2022-09-14 12:29:57 +02:00
Florian Roth
22d0e22d14
rule: 3proxy usage, fix: rule - missing contains
2022-09-14 10:22:01 +02:00
Nasreddine Bencherchali
fb44c6fa87
Update meta info
2022-09-13 22:14:45 +02:00
frack113
bd645ad8e0
Merge pull request #3494 from phantinuss/master
...
Revert "Revert "Merge branch 'master' of github.com:elhoim/sigma""
2022-09-13 19:13:06 +02:00
phantinuss
2ed0605dc4
Revert "Revert "Merge branch 'master' of github.com:elhoim/sigma""
...
This reverts commit 6c1761a7b7 .
2022-09-13 15:52:07 +02:00
Florian Roth
c246e570d0
Merge pull request #3493 from qasimqlf/patch-6
...
VS Code Filter Fix - Undo the last commit
2022-09-13 13:48:17 +02:00
Florian Roth
9f62270aff
refactor: add dumpy tool
2022-09-13 13:38:44 +02:00
Florian Roth
37aed9ac3b
docs: add link
2022-09-13 13:38:32 +02:00
Florian Roth
3a38b63fff
refactor: chisel rules
2022-09-13 13:38:10 +02:00
Florian Roth
67bca96744
fix: wrong image selection
2022-09-13 13:13:16 +02:00
Qasim Qlf
3b4fc8c3fd
VS Code Filter Fix - Undo the last commit
...
Previous Filter of Image was wrong. Image can't endsWith (Code.exe and attrib.exe) at the same time. Same condition with other scenario.
CommandLine filter is good.
2022-09-13 16:02:17 +05:00
Florian Roth
f581d77e5d
Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing
2022-09-13 11:30:37 +02:00
Florian Roth
264bc0787d
fix: FP with Malwarebytes
2022-09-13 11:30:27 +02:00
Nasreddine Bencherchali
8a504bee9e
Add %tmp% env variable
2022-09-13 10:49:14 +02:00
nasreddine.bencherchali@nextron-systems.com
6fa682b619
Create posh_ps_susp_clear_eventlog.yml
2022-09-13 10:02:36 +02:00
nasreddine.bencherchali@nextron-systems.com
0caeaaa122
Update rules
2022-09-13 10:02:32 +02:00
Florian Roth
d0286e210e
Merge pull request #3492 from SigmaHQ/rule-devel
...
Rule devel
2022-09-13 08:50:37 +02:00
Florian Roth
2d7e545cad
fix: list with one element
2022-09-13 08:38:57 +02:00
Florian Roth
e38b404396
Merge pull request #3490 from SigmaHQ/aurora-false-positive-fixing
...
Aurora false positive fixing
2022-09-13 08:33:22 +02:00
Florian Roth
c22974205f
Merge branch 'master' into rule-devel
2022-09-13 08:07:35 +02:00
Florian Roth
72aa55f1c7
Merge branch 'master' into aurora-false-positive-fixing
2022-09-13 08:07:26 +02:00
Florian Roth
61422ca237
rule: UAC Bypass via ICMLuaUtil
2022-09-13 08:07:15 +02:00
Florian Roth
072a9d73eb
fix: changes to existing rules
2022-09-13 08:07:03 +02:00
Florian Roth
5f164ebe12
style: indentation
2022-09-12 13:30:14 +02:00
Florian Roth
0bbb679e38
fix: FPs with veam backup shell
2022-09-12 13:29:51 +02:00
Florian Roth
9b6c8afcc6
Merge pull request #3489 from qasimqlf/patch-4
...
Tag added
2022-09-12 11:24:07 +02:00
Qasim Qlf
1eaad811b6
tag added
2022-09-12 14:15:48 +05:00
frack113
f4da079d13
Add posh_ps_enable_windowsoptionalfeature
2022-09-11 19:43:54 +02:00
frack113
51076b2078
Update posh_ps_disable_windowsoptionalfeature.yml
2022-09-11 19:29:15 +02:00
frack113
4581b253f3
Merge pull request #3485 from elhoim/add_renamed_vmnat
...
Add renamed vmnat rule
2022-09-11 19:17:39 +02:00
Florian Roth
a5fe285776
fix: too many FPs during Windows update - User empty
2022-09-11 16:28:04 +02:00
David André
93da67b593
Update proc_creation_win_renamed_vmnat.yml
...
Added accidentally removed falsepositives
2022-09-11 13:13:58 +02:00
David André
262f046351
Delete image_load_vmware_nondefault_path.yml
...
File added in wrong branch
2022-09-11 13:07:23 +02:00
David André
5656a3a50b
Merge branch 'SigmaHQ:master' into add_renamed_vmnat
2022-09-11 13:06:21 +02:00
David ANDRE
3ae8cc84e4
Merge remote-tracking branch 'origin/add_renamed_vmnat' into add_renamed_vmnat
2022-09-11 12:46:35 +02:00
David ANDRE
d73aac41d3
Changes based on advice
2022-09-11 12:44:54 +02:00
David ANDRE
5b0c8f60e2
Removed trailing space
2022-09-11 12:36:44 +02:00
David ANDRE
503a32ed86
Merge branch 'add_renamed_vmnat' of github.com:elhoim/sigma into add_renamed_vmnat
2022-09-11 12:35:21 +02:00
David ANDRE
c98997390b
Changes following advice
2022-09-11 12:35:05 +02:00
frack113
5996fbf4c9
Fix tag
2022-09-10 19:23:58 +02:00
frack113
486fdabe34
Add posh_ps_disable_windowsoptionalfeature
2022-09-10 19:15:36 +02:00
frack113
b9c7b79847
Merge pull request #3477 from elhoim/sigmac_deprecation_warning
...
Added deprecating warning in sigmac with color
2022-09-10 15:43:35 +02:00
frack113
6e529bb9c8
Merge pull request #3484 from elhoim/add_samtheadmin
...
Add rule to detect samtheadmin computer name used by hacktool
2022-09-10 12:34:51 +02:00