security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,089 Commits 1 Branch 57 Tags
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
Commit Graph

15089 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Morowczynski 0c0afaa45c Create azure_pim_activation_approve_deny.yml 
Detection for PIM elevation
 2022-08-09 10:01:01 -07:00
phantinuss df4b8eadbf fix: FP in testing 2022-08-09 18:34:53 +02:00
frack113 4a1eb1f333 Merge pull request #3343 from MarkMorow/markmorow 
Create azure_pim_alerts_disabled.yml
 2022-08-09 18:26:56 +02:00
phantinuss bfeb23e622 fix: FP found in testing 2022-08-09 17:53:48 +02:00
phantinuss 68a768f829 Merge pull request #3335 from nasbench/nasbench-rule-devel 
Update Ntfs Short Name rule
 2022-08-09 17:53:05 +02:00
Mark Morowczynski cdbaa27b9e Update azure_pim_alerts_disabled.yml 
fixing MITRE tag
 2022-08-09 08:39:45 -07:00
Nasreddine Bencherchali f5d0753167 Add extensions 2022-08-09 16:05:36 +01:00
Mark Morowczynski c455b6bafc Create azure_pim_alerts_disabled.yml 
Detect when PIM alert settings changed to disabled
 2022-08-09 08:00:48 -07:00
phantinuss bde259619e Merge pull request #3333 from frack113/short_path 
Use short name path
 2022-08-09 16:49:23 +02:00
phantinuss 84e234575e Merge pull request #3341 from phantinuss/master 
fix: use wildcard * instead of plaintext *
 2022-08-09 11:10:03 +02:00
phantinuss 7ff91656ed fix: remove duplicate filter 2022-08-09 10:56:58 +02:00
phantinuss 43ac43c70d fix: FP found in testing 2022-08-09 10:56:00 +02:00
phantinuss a90ba27a1c fix: do not use wildcard, where not needed 2022-08-09 10:55:05 +02:00
frack113 b58307f355 Merge pull request #3334 from MarkMorow/markmorow 
Create azure_priviledged_role_assignment_add.yml
 2022-08-09 06:18:27 +02:00
frack113 dcfc0b4095 Merge pull request #3336 from frack113/DbgManagedDebugger 
Add registry_set_dbgmanageddebugger_persistence.yml
 2022-08-08 18:49:47 +02:00
phantinuss ef1f2b13ec fix: use wildcard * instead of plaintext * 
the changed files seem like they used an esacped * by mistake
 2022-08-08 17:54:46 +02:00
phantinuss bc892ac440 Merge pull request #3340 from phantinuss/master 
fix: remove TargetObject, too many occurences in testing
 2022-08-08 15:21:38 +02:00
Tomasuh a15044bc1c Avoid Adobe related false-positives 
Avoid Adobe related false-positives such as Adobe Synchronizer
 2022-08-08 14:03:34 +02:00
phantinuss eaa0f339ac fix: remove TargetObject, too many occurences in testing 2022-08-08 13:57:32 +02:00
Tomasuh 946b0205a2 Revert to correct rule id 2022-08-08 08:54:50 +02:00
Tomasuh 9f347bc322 Restore title from previous mistake edit 2022-08-08 08:53:38 +02:00
Tomasuh 9f8c4a4d44 Update proxy_susp_flash_download_loc.yml 2022-08-08 08:43:35 +02:00
Tomasuh 58c6068484 uri inst. of uri-query, r-dns inst of uri-stem 2022-08-08 08:41:41 +02:00
frack113 39fa020092 Add registry_set_dbgmanageddebugger_persistence.yml 2022-08-07 10:30:30 +02:00
frack113 acbc9110e4 Add short name path 2022-08-07 08:38:11 +02:00
frack113 f1eba85780 Add short name path 2022-08-07 08:37:58 +02:00
Nasreddine Bencherchali be896d1013 rename rule 2022-08-06 18:43:59 +01:00
Nasreddine Bencherchali 3388b675ac Create proc_creation_win_ntfs_short_name_use_image.yml 2022-08-06 18:43:33 +01:00
Mark Morowczynski 13e5d53f8d Create azure_priviledged_role_assignment_add.yml 
User added to privilege role assignment
 2022-08-06 07:04:33 -07:00
frack113 c38bfe86da Add short path and Image 2022-08-06 11:25:44 +02:00
frack113 7553a98be0 Merge pull request #3328 from frack113/legacy_short_name 
Add proc_creation_win_shortname_use.yml
 2022-08-06 07:41:12 +02:00
frack113 29a194e20f Merge pull request #3331 from MarkMorow/markmorow 
Create azure_priviledged_role_assignment_bulk_change.yml
 2022-08-06 07:41:00 +02:00
Mark Morowczynski a17a2468d5 Create azure_priviledged_role_assignment_bulk_change.yml 
Priv role assignment removal
 2022-08-05 16:06:41 -07:00
Florian Roth 8041ab5130 Merge pull request #3325 from nasbench/nasbench-rule-devel 
Update+New Rules
 2022-08-05 23:42:09 +02:00
Florian Roth dd0903bc7a Merge pull request #3330 from MarkMorow/markmorow 
Create azure_group_user_addition_ca_modification.yml
 2022-08-05 23:32:31 +02:00
Mark Morowczynski 203d3509ca Create azure_group_user_addition_ca_modification.yml 
Adding rule for user added to group with CA modification access
 2022-08-05 13:46:51 -07:00
frack113 fd383faeec Merge pull request #3326 from MarkMorow/markmorow 
Markmorow
 2022-08-05 19:49:09 +02:00
Nasreddine Bencherchali b6bac087ef Update posh_ps_tamper_defender_remove_mppreference.yml 2022-08-05 18:45:44 +01:00
Nasreddine Bencherchali b4472132a4 Fix after review 2022-08-05 18:40:12 +01:00
Nasreddine Bencherchali a5c277d06c Update and new rule 2022-08-05 17:48:35 +01:00
Nasreddine Bencherchali 95e0e51e11 Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:22:23 +01:00
Nasreddine Bencherchali dfb725171a Update registry_delete_exploit_guard_protected_folders.yml 2022-08-05 17:14:19 +01:00
Nasreddine Bencherchali 01c1472897 Update registry_set_exploit_guard_susp_allowed_apps.yml 2022-08-05 17:13:15 +01:00
Nasreddine Bencherchali f704feaf69 New Rules 2022-08-05 17:11:42 +01:00
Nasreddine Bencherchali 9ef9103368 Update PowerShell + other rules 2022-08-05 17:10:41 +01:00
frack113 0153886de5 Merge pull request #3327 from Tomasuh/master 
proxy_empire_ua_uri_combos.yml: Change cs-uri-query to cs-uri to enable matching
 2022-08-05 17:40:11 +02:00
frack113 6ecdaa8fbf Merge pull request #3181 from Yochana-H/Yochana-H 
Azure_user_password_change.yml
 2022-08-05 17:39:09 +02:00
Florian Roth a5427a6a33 Merge pull request #3329 from RomaissaAdjailia/master 
Update win_applocker_file_was_not_allowed_to_run.yml
 2022-08-05 17:07:01 +02:00
RomaissaAdjailia 1af9219b8b Update win_applocker_file_was_not_allowed_to_run.yml 2022-08-05 15:34:41 +01:00
RomaissaAdjailia 461348c88b Update win_applocker_file_was_not_allowed_to_run.yml 2022-08-05 15:23:52 +01:00