Commit Graph

533 Commits

Author SHA1 Message Date
Jonhnathan 48f16a0ca8 Update win_susp_net_recon_activity.yml 2020-11-26 22:39:49 -03:00
Jonhnathan f42ef96140 Fix Reference 2020-11-19 22:50:27 -03:00
Jonhnathan fdd28556cf Fix ref 2020-11-19 22:48:20 -03:00
Jonhnathan 4f4fcbc576 Update win_susp_wmi_login.yml 2020-11-19 22:47:20 -03:00
Jonhnathan ea385767b9 Update win_susp_ntlm_auth.yml 2020-11-19 22:40:43 -03:00
Jonhnathan 5d85bbba56 Improve detection logic 2020-11-19 22:37:13 -03:00
Jonhnathan c20bce4a77 Update win_susp_msmpeng_crash.yml 2020-11-19 22:30:48 -03:00
Jonhnathan 7fe2c00ac1 Update win_net_ntlm_downgrade.yml 2020-11-19 22:14:37 -03:00
Jonhnathan 371c112143 Fix the detection logic: ObjectName = admin was included in the query using AND, not OR. 2020-11-19 21:45:19 -03:00
Jonhnathan 187d1d3e3b Update win_user_driver_loaded.yml 2020-10-27 22:37:50 -03:00
Jonhnathan dde5b46726 Update win_susp_sam_dump.yml 2020-10-27 22:01:31 -03:00
Jonhnathan 61ccdc598d Update win_susp_local_anon_logon_created.yml 2020-10-27 22:00:42 -03:00
Jonhnathan 3eea825898 Update win_net_ntlm_downgrade.yml 2020-10-27 21:59:49 -03:00
Jonhnathan 53ff19f167 Update win_mmc20_lateral_movement.yml 2020-10-27 21:55:17 -03:00
Jonhnathan 9a5c166bb2 Fix filter 2020-10-16 07:35:59 -03:00
Jonhnathan 0666d21b06 Update win_dcsync.yml 2020-10-15 20:19:06 -03:00
Jonhnathan 1cd56f5dae Update win_vul_cve_2020_0688.yml 2020-10-15 15:56:36 -03:00
Jonhnathan ef3af551e9 Update win_user_driver_loaded.yml 2020-10-15 15:56:16 -03:00
Jonhnathan 4e70b2d797 Update win_user_added_to_local_administrators.yml 2020-10-15 15:55:21 -03:00
Jonhnathan c0892c63c8 Update win_svcctl_remote_service.yml 2020-10-15 15:54:47 -03:00
Jonhnathan d96bd0d9f3 Update win_susp_wmi_login.yml 2020-10-15 15:54:21 -03:00
Jonhnathan 496cfcb26a Update win_susp_sdelete.yml 2020-10-15 15:53:51 -03:00
Jonhnathan 600c7057b1 Update win_susp_sam_dump.yml 2020-10-15 15:53:26 -03:00
Jonhnathan 754e67c0d9 Update win_susp_rc4_kerberos.yml 2020-10-15 15:52:48 -03:00
Jonhnathan 43a56b6759 Update win_susp_raccess_sensitive_fext.yml 2020-10-15 15:51:57 -03:00
Jonhnathan 054255fb17 Update win_susp_psexec.yml 2020-10-15 15:51:16 -03:00
Jonhnathan dae1f3fa71 Update win_susp_ntlm_rdp.yml 2020-10-15 15:50:44 -03:00
Jonhnathan 9b8817f489 Update win_susp_msmpeng_crash.yml 2020-10-15 15:50:01 -03:00
Jonhnathan c310d72e2b Update win_susp_mshta_execution.yml 2020-10-15 15:49:39 -03:00
Jonhnathan 7419396351 Update win_susp_mshta_execution.yml 2020-10-15 15:49:26 -03:00
Jonhnathan 1eb0ccbf14 Update win_susp_local_anon_logon_created.yml 2020-10-15 15:48:36 -03:00
Jonhnathan e089118718 Update win_possible_dc_shadow.yml 2020-10-15 15:45:55 -03:00
Jonhnathan 6961ee4986 Update win_net_ntlm_downgrade.yml 2020-10-15 15:44:24 -03:00
Jonhnathan 8261737728 Update win_mmc20_lateral_movement.yml 2020-10-15 15:42:07 -03:00
Jonhnathan 8f3542a73e Update win_mal_wceaux_dll.yml 2020-10-15 15:41:13 -03:00
Jonhnathan 9bfd63ec26 Update win_hack_smbexec.yml 2020-10-15 15:20:08 -03:00
Jonhnathan e5789a2a52 Update win_dcsync.yml 2020-10-15 15:19:18 -03:00
Jonhnathan 777e49b76c Update win_av_relevant_match.yml 2020-10-15 15:17:33 -03:00
Jonhnathan b555628321 Update win_atsvc_task.yml 2020-10-15 15:15:01 -03:00
Jonhnathan 44735049b6 Update win_apt_stonedrill.yml 2020-10-15 15:14:27 -03:00
Jonhnathan 02a1ab4033 Update win_alert_mimikatz_keywords.yml 2020-10-15 15:11:10 -03:00
Jonhnathan 26b442ec48 Update win_alert_lsass_access.yml: Getting rid of '*' use 2020-10-15 15:09:35 -03:00
Jonhnathan 79c2b8d570 Update win_GPO_scheduledtasks.yml: Getting rid of '*' use 2020-10-15 15:07:16 -03:00
Jonhnathan 4aa96a2ac9 Update win_alert_enable_weak_encryption.yml 2020-10-15 15:05:49 -03:00
Jonhnathan 5765573907 Update win_alert_active_directory_user_control.yml: Getting rid of '*' use 2020-10-15 15:04:08 -03:00
Jonhnathan 1c06c9e166 Update win_admin_share_access.yml: Getting rid of '*' use 2020-10-15 15:03:31 -03:00
Jonhnathan 085dc21d25 Update win_admin_rdp_login.yml: Getting rid of '*' use 2020-10-15 15:02:40 -03:00
Jonhnathan 9c7a23e432 Update win_account_discovery.yml: Getting rid of '*' use 2020-10-15 15:01:31 -03:00
Remco Hofman 6cadfa5b2b Added win_vul_cve_2020_1472 rule 2020-09-15 15:13:53 +02:00
Florian Roth 50db6dcc69 Merge pull request #1002 from scottdermott/master: + Adding exclusion for Azure AD Sync (MSOL_xxxxxxxx) 2020-09-15 08:17:02 +02:00