| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| frack113 | 823cf26633 | Merge pull request #3356 from Zandmann/patch-3: Create BPF_Door_port_redirect.yml | 2022-08-13 10:34:38 +02:00 |
| frack113 | 8952aaf4e3 | Merge pull request #3355 from Zandmann/patch-2: Create BPFDoor_abnormal_process_id_or_lock_file_accessed.yml | 2022-08-13 10:34:23 +02:00 |
| frack113 | 3426dfb6e9 | Update backslash | 2022-08-13 09:59:31 +02:00 |
| Thomas Patzke | 62e57219b9 | Merge pull request #3367 from humpalum/master: Using Attk CLI as Submodule to not rely on TAXII Service | 2022-08-13 09:21:19 +02:00 |
| frack113 | bd7f0fdf5d | Merge pull request #3369 from frack113/temas: Cyble blog | 2022-08-13 08:00:47 +02:00 |
| frack113 | 7bebb9929b | Merge pull request #3370 from redsand/fp_missing_contains_all: False positive fix, needs to match ALL of selectioN_delete, not 1 of … | 2022-08-13 07:47:34 +02:00 |
| frack113 | 15f94c4685 | Merge pull request #3368 from nasbench/nasbench-rule-devel: New Rules + Update (Rule Dev) | 2022-08-13 07:47:13 +02:00 |
| frack113 | 7a1b32b0a4 | Merge pull request #3365 from frack113/timestomping: Timestomping file_change rule | 2022-08-13 07:38:06 +02:00 |
| Zandmann | 1339317b16 | Update lnx_auditd_bpfdoor_port_redirect.yml | 2022-08-12 21:41:35 +02:00 |
| Zandmann | 5bc4b2de27 | Update lnx_auditd_bpfdoor_file_accessed.yml | 2022-08-12 21:39:11 +02:00 |
| Nasreddine Bencherchali | ce43b1da5c | Create web_cve_2022_31659_vmware_rce.yml | 2022-08-12 18:50:08 +01:00 |
| Nasreddine Bencherchali | 0cca5208e9 | Create proc_creation_win_wab_unusual_parents.yml | 2022-08-12 17:18:44 +01:00 |
| Nasreddine Bencherchali | 3fffd6a8f3 | Create proc_creation_win_wab_execution_from_non_default_location.yml | 2022-08-12 17:12:35 +01:00 |
| Nasreddine Bencherchali | 4f7738b867 | Add rule CVE-2022-31656 | 2022-08-12 16:29:52 +01:00 |
| Tim Shelton | fa522f68c9 | False positive fix, needs to match ALL of selectioN_delete, not 1 of them | 2022-08-12 15:29:49 +00:00 |
| frack113 | dd4a32e50f | Add Ref | 2022-08-12 17:25:49 +02:00 |
| frack113 | 2e438a5312 | Add file_event_win_iphlpapi_dll_sideloading | 2022-08-12 17:16:17 +02:00 |
| Nasreddine Bencherchali | b6fda3e758 | Fix FP | 2022-08-12 16:09:20 +01:00 |
| Nasreddine Bencherchali | 4a0c1b41f2 | Update proc_creation_win_renamed_procdump.yml | 2022-08-12 16:04:38 +01:00 |
| Nasreddine Bencherchali | 8477c4976b | Update proc_creation_win_renamed_procdump.yml | 2022-08-12 16:02:54 +01:00 |
| Florian Roth | 970b15f440 | Update file_change_win_2022_timestomping.yml | 2022-08-12 15:10:24 +02:00 |
| Florian Roth | 560916b357 | Update file_change_win_2022_timestomping.yml | 2022-08-12 15:09:32 +02:00 |
| Tobias Michalski | d6a251086d | Merge remote-tracking branch 'origin/offlineTests' | 2022-08-12 14:51:25 +02:00 |
| Nasreddine Bencherchali | cf2a817801 | New Rules | 2022-08-12 13:44:16 +01:00 |
| Nasreddine Bencherchali | e4e24a00a7 | Update procdump rules | 2022-08-12 13:44:03 +01:00 |
| Nasreddine Bencherchali | b1e0668ae3 | Update adfind rules | 2022-08-12 13:43:36 +01:00 |
| Nasreddine Bencherchali | d7bc975c71 | Update meta | 2022-08-12 13:42:52 +01:00 |
| Tobias Michalski | 6f467656fe | chore: Get Submodules for test_rules.py test | 2022-08-12 14:33:31 +02:00 |
| Tobias Michalski | 0b93aea4d0 | chore: Offline Tests | 2022-08-12 14:19:08 +02:00 |
| Florian Roth | 19eaa0ae8a | Update file_change_win_2022_timestomping.yml | 2022-08-12 14:06:54 +02:00 |
| Nasreddine Bencherchali | 0214a0632a | Fix FP | 2022-08-12 11:47:15 +01:00 |
| Tomasuh | 2bcb6abd72 | Escape ? character | 2022-08-12 12:46:21 +02:00 |
| Tomasuh | 5c549a2825 | Escape ? character | 2022-08-12 12:45:52 +02:00 |
| Tomasuh | 08d25bd065 | Escape ? character | 2022-08-12 12:44:53 +02:00 |
| Tomasuh | b189122287 | Escape ? character | 2022-08-12 12:44:23 +02:00 |
| Tomasuh | 75b9b7b1a9 | Escape ? character | 2022-08-12 12:43:58 +02:00 |
| Tomasuh | 4ccb8d9ca0 | Escape question mark | 2022-08-12 12:38:07 +02:00 |
| frack113 | 472da1d8ef | Fix startswith | 2022-08-12 12:07:03 +02:00 |
| frack113 | 29dbe65d92 | Add file_change_win_2022_timestomping | 2022-08-12 12:04:38 +02:00 |
| Florian Roth | 501f41e475 | Merge pull request #3363 from frack113/refractor: Update ShareName | 2022-08-12 08:43:46 +02:00 |
| frack113 | 9a64b6660f | Merge pull request #3338 from Tomasuh/master: proxy_susp_flash_download_loc.yml: c-uri inst. of c-uri-query and r-dns inst of c-uri-stem, proxy_ua_susp.yml: Avoid adobe false positives | 2022-08-11 19:57:19 +02:00 |
| Zandmann | 1d6199494d | Update lnx_auditd_bpfdoor_port_redirect.yml | 2022-08-11 19:51:48 +02:00 |
| Zandmann | a3dcc61eac | Rename lnx_auditd_BPF_Door_port_redirect.yml to lnx_auditd_bpfdoor_port_redirect.yml | 2022-08-11 19:34:43 +02:00 |
| Zandmann | 28ee157216 | Rename lnx_auditd_BPFDoor_file_accessed.yml to lnx_auditd_bpfdoor_file_accessed.yml | 2022-08-11 19:32:17 +02:00 |
| frack113 | 3268a6c9b0 | Fix ShareName | 2022-08-11 19:19:07 +02:00 |
| frack113 | 8cf1d92c84 | Fix ShareName | 2022-08-11 19:07:47 +02:00 |
| Zandmann | 35d69a5a4b | Update and rename BPF_Door_port_redirect.yml to lnx_auditd_BPF_Door_port_redirect.yml | 2022-08-11 19:04:17 +02:00 |
| Zandmann | f001d35c8b | Update and rename BPFDoor_abnormal_process_id_or_lock_file_accessed.yml to lnx_auditd_BPFDoor_file_accessed.yml | 2022-08-11 18:59:58 +02:00 |
| Florian Roth | 835b54c05c | Merge pull request #3362 from MarkMorow/markmorow: Create azure_privileged_account_creation.yml | 2022-08-11 18:43:32 +02:00 |
| Florian Roth | b5ebc2033e | Update azure_privileged_account_creation.yml | 2022-08-11 18:25:10 +02:00 |