Commit Graph

15089 Commits

Author SHA1 Message Date
Qasim Qlf 78419eb9cc Update rules/windows/process_creation/proc_creation_win_whoami_priv.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-03 19:00:51 +05:00
Qasim Qlf 5bd3aba86c Update proc_creation_win_python_pty_spawn.yml 2023-02-03 16:14:20 +05:00
Qasim Qlf 4d571872ec fix: condition 2023-02-03 15:57:29 +05:00
Qasim Qlf c794427246 fix: condition 2023-02-03 15:56:19 +05:00
Qasim Qlf 2d5bd84433 Update proc_creation_win_regedit_import_keys.yml 2023-02-03 15:54:59 +05:00
Qasim Qlf 733293993b fix: condition 2023-02-03 15:53:33 +05:00
Qasim Qlf 71c2be5507 Update proc_creation_win_whoami_priv.yml 2023-02-03 15:33:26 +05:00
Qasim Qlf 5505ff28d9 Update proc_creation_win_tool_nircmd.yml 2023-02-03 14:40:40 +05:00
Qasim Qlf 6279532a13 Update proc_creation_win_termserv_proc_spawn.yml 2023-02-03 14:34:34 +05:00
Qasim Qlf 18c4acce2d update: condition name 2023-02-03 14:34:09 +05:00
Zeta 45010540d7 proc_creation_win_susp_rundll32_script_run.yml
Fixed link and removed "RunHTMLApplication" because it can also be used with "Ordinal number".
2023-02-03 15:25:57 +07:00
Nasreddine Bencherchali fc818bbbdc feat: multiple updates and fixes 2023-02-03 02:22:28 +01:00
Nasreddine Bencherchali 6c153bff3f Merge pull request #3995 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-02 21:40:21 +01:00
Nasreddine Bencherchali 8fc7f741d9 fix: apply escape suggestion
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 21:34:54 +01:00
Nasreddine Bencherchali b80a81aba8 fix: wrong escape
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 20:07:13 +01:00
Nasreddine Bencherchali 307ecf5694 fix: typos in titles and descriptions of rules
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-02 19:40:01 +01:00
Nasreddine Bencherchali cbf114c9a8 fix: update wildcard selection 2023-02-02 10:53:59 +01:00
Nasreddine Bencherchali c68531e688 fix: apply suggestions from code review
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-02 10:52:04 +01:00
Nasreddine Bencherchali d08acc18ae fix: add missing modified field 2023-02-02 00:28:32 +01:00
Nasreddine Bencherchali 0663b4e3f4 feat: more updates 2023-02-02 00:24:35 +01:00
frack113 fb79c36372 Merge pull request #3989 from D4rkCiph3r/JXA_in-memory
Create proc_creation_macos_jxa_in-memory_execution.yml
2023-02-01 18:46:14 +01:00
frack113 9ad58353a7 Update from review 2023-02-01 18:30:45 +01:00
frack113 c1ef84fd66 Merge remote-tracking branch 'upstream/master' into pr/3989 2023-02-01 18:27:51 +01:00
frack113 3d8b82805c Merge pull request #3992 from D4rkCiph3r/osacompile
Create proc_creation_macos_osacompile_run-only_execution.yml
2023-02-01 18:17:00 +01:00
frack113 f121041cf0 Merge pull request #3991 from D4rkCiph3r/macro-osa
Create proc_creation_macos_macros_execution.yml
2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali 55f16c3f84 fix: update metadata and logic 2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali d8b17f1d9f fix: add ref and update description 2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali 0cddb6194c Merge pull request #3993 from D4rkCiph3r/patch-1
feat: add new extension to osascript rule
2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali 04227055e4 fix: add reference 2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali 5d769b7b19 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-01 17:10:00 +01:00
Nasreddine Bencherchali ac85d5ebff Merge pull request #3997 from nasbench/update-nextron-authors
chore: add nextron authors tag
2023-02-01 17:07:25 +01:00
Micah Babinski 266d13d441 Re-added missing level 2023-02-01 07:38:24 -08:00
Micah Babinski f5e7db38a6 Added rule for RLO character in command line 2023-02-01 07:34:23 -08:00
Nasreddine Bencherchali e7d54529d1 Merge pull request #3998 from phantinuss/master
fix: FPs with IPv6 addresses
2023-02-01 14:38:57 +01:00
Nasreddine Bencherchali 31a5c08480 fix: reduce author set 2023-02-01 14:34:46 +01:00
Nasreddine Bencherchali beebafe9ce fix: special case
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-01 13:22:11 +01:00
phantinuss 08b801aaff fix: FPs with IPv6 addresses 2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
phantinuss f1cbbc4061 Merge pull request #3996 from qasimqlf/master
fix: optimize
2023-02-01 10:21:46 +01:00
Qasim Qlf f7e2fc1682 Update proc_creation_win_vul_java_remote_debugging.yml 2023-02-01 11:02:57 +05:00
frack113 cd58c1baef fix title case 2023-02-01 06:35:26 +01:00
Nasreddine Bencherchali 9c0eae7590 fix: remove kerberos generic filters 2023-01-31 22:18:32 +01:00
Nasreddine Bencherchali 3e24998fe1 feat: add add-appxpackage cmdlet rules 2023-01-31 22:11:32 +01:00
frack113 2b198b7c32 Merge pull request #3971 from frack113/order_rule_folder
Order root rules folder
2023-01-31 21:05:28 +01:00
frack113 00d731bcb5 Merge pull request #3990 from qasimqlf/patch-28
Update proc_creation_win_purplesharp_indicators.yml
2023-01-31 17:49:01 +01:00
frack113 26575cc2e0 Update proc_creation_macos_applescript.yml 2023-01-31 17:46:43 +01:00
frack113 66700a69e2 Merge pull request #3994 from ionsor/patch-8
Update proc_creation_lnx_hack_tools.yml
2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali 55bf797563 fix: selection again 2023-01-31 17:40:17 +01:00
Nasreddine Bencherchali 97f35b7a4d Merge pull request #3980 from nasbench/blackberry-rules-cti-2023
feat: new rules from blackberry
2023-01-31 17:23:24 +01:00
Nasreddine Bencherchali 2684f0f63c fix: remove unnecessary entry 2023-01-31 17:21:42 +01:00