blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali	68f1ce8b9e	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-20 22:24:56 +01:00
Nasreddine Bencherchali	05bdb9af74	fix: rename files to fit logic	2022-12-19 19:28:23 +01:00
Nasreddine Bencherchali	9c308642c7	fix: apply suggestions from code review Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>	2022-12-19 19:21:55 +01:00
Nasreddine Bencherchali	c374413664	fix: change to permalink	2022-12-19 18:15:57 +01:00
Nasreddine Bencherchali	060174e2dd	fix: small fixes - Added modified date - Updated DLL sideload version	2022-12-19 18:14:01 +01:00
pbssubhash	8a9f1ee273	Update file_event_win_wermgr_local_privilege_escalation.yml	2022-12-19 22:39:05 +05:30
pbssubhash	ae974d8f15	Modifying existing rule instead of a new one	2022-12-19 22:35:36 +05:30
pbssubhash	b763ddd7c7	Update file_event_win_dircreate2system_privesc.yml	2022-12-19 22:21:37 +05:30
pbssubhash	8d617d2587	Create file_event_win_dircreate2system_privesc.yml	2022-12-19 22:14:25 +05:30
Nasreddine Bencherchali	ba3e985bed	feat: multiple update and enhancements	2022-12-19 17:41:40 +01:00
$frack113$ frack113	646351808e	Refractor (#3794 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-18 21:00:14 +01:00
Nasreddine Bencherchali	a606223568	fix: add missing filename to the logic	2022-12-16 19:47:13 +01:00
Nasreddine Bencherchali	3868dd91c6	feat: updates and enhancements	2022-12-16 16:52:12 +01:00
Nasreddine Bencherchali	26cd02cff4	fix: add modified date	2022-12-09 19:24:44 +01:00
Nasreddine Bencherchali	14d174e218	feat: update rules related to dll sideloading	2022-12-09 17:36:24 +01:00
Nasreddine Bencherchali	9f346ce7d1	fix: typo in rule filename	2022-12-09 16:41:36 +01:00
Nasreddine Bencherchali	fa318243c2	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-08 19:22:11 +01:00
Florian Roth	e78cb13cfd	Merge pull request #3764 from pbssubhash/master Detection for LSASS Shtinkering	2022-12-08 17:36:18 +01:00
Nasreddine Bencherchali	80ef3b70dc	fix: broken single item lists	2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali	edc99c92a2	fix: enhance rules related to Lsass-Shtinkering	2022-12-08 11:02:56 +01:00
pbssubhash	d393b57c36	Detection for LSASS Shtinkering	2022-12-08 11:49:53 +05:30
Nasreddine Bencherchali	b59566ad0f	fix: fix FP found in testing	2022-12-07 11:52:38 +01:00
Nasreddine Bencherchali	a425ef65e5	feat: update metadata and add more cases for rules	2022-12-07 02:26:21 +01:00
gs3cl	122cb47d71	Gs3cl patch 1 (#3753 )	2022-12-05 10:39:58 +01:00
Nasreddine Bencherchali	b6492e731b	feat: general updates and fixes	2022-12-02 23:16:03 +01:00
$frack113$ frack113	0f3eefdc9c	Update title (#3746 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-02 18:10:43 +01:00
$frack113$ frack113	a674ee246b	Update Title (#3739 )	2022-11-30 11:44:15 +01:00
Nasreddine Bencherchali	1d7ee1cd19	feat: enhance duplicate test (#3736 ) Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-11-29 13:47:09 +01:00
Florian Roth	b56537bffb	fix: some rules using ??? placeholders	2022-11-29 10:31:18 +01:00
jstnk9	647f6dc2ef	Update title (#3734 )	2022-11-29 07:36:45 +01:00
Aurakal	c536b262c9	Create file_event_win_remote_cred_dump.yml (#3732 )	2022-11-27 19:31:48 +01:00
Nasreddine Bencherchali	b6dce4b6a5	feat: general fixes	2022-11-22 01:22:36 +01:00
$frack113$ frack113	cc340f2247	Apply suggestions from code review Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-18 15:43:08 +01:00
$frack113$ frack113	58a732e4b6	Update rules/windows/file/file_event/file_event_win_net_cli_artefact.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-18 15:42:37 +01:00
$frack113$ frack113	4bd0cd07ea	.NET CLR Usage Log	2022-11-18 13:24:58 +01:00
phantinuss	9317454bc8	fix: bcdedit by svchost FP	2022-11-10 16:31:54 +01:00
Florian Roth	9e68c45df0	Merge pull request #3684 from nasbench/nasbench-rule-devel Rule Dev	2022-11-09 20:04:15 +01:00
phantinuss	691649d932	fix: bcedit downloaded to C:\Windows\SoftwareDistribution	2022-11-09 16:44:58 +01:00
Nasreddine Bencherchali	39d66b4e94	Merge branch 'master' into nasbench-rule-devel	2022-11-09 16:14:38 +01:00
Nasreddine Bencherchali	2e224baa94	Update file_event_win_creation_system_file.yml	2022-11-08 12:49:53 +01:00
Nasreddine Bencherchali	f9d54c722f	Update file_event_win_susp_dropper.yml	2022-11-08 12:42:47 +01:00
Nasreddine Bencherchali	33bd200a89	Fix FP	2022-11-08 12:32:44 +01:00
Nasreddine Bencherchali	024d76d5e5	Fix typo in conditions	2022-11-08 12:10:20 +01:00
Nasreddine Bencherchali	220e9c2c90	Fix FP	2022-11-08 12:05:38 +01:00
phantinuss	af2dc36699	new rule for lnk files with lower score	2022-11-07 14:14:04 +01:00
phantinuss	496d1b6a2a	fix: add bcedit filter and sort selection	2022-11-07 13:37:11 +01:00
Nasreddine Bencherchali	841b311dd0	Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel	2022-11-07 11:57:18 +01:00
Nasreddine Bencherchali	753772a177	Rename+Metadata Update	2022-11-04 11:59:11 +01:00
Nasreddine Bencherchali	5ee9428e59	Fix	2022-11-03 09:39:48 +01:00

1 2

70 Commits