security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,307 Commits 1 Branch 57 Tags
d57d7c1e5b58eb7e520f50ba140bed4b7cfa6607
Commit Graph

903 Commits

Author SHA1 Message Date
Jonhnathan d57d7c1e5b Remove Additional backslash 2020-11-26 22:59:35 -03:00
Jonhnathan 31e0cfb13f Update win_susp_covenant.yml 2020-11-20 02:36:20 -03:00
Jonhnathan ec1944e2d7 Update win_susp_copy_system32.yml 2020-11-20 02:31:26 -03:00
Jonhnathan 5d7131bbf2 Update win_susp_compression_params.yml 2020-11-20 02:29:41 -03:00
Jonhnathan 32ed588adb Update detection Logic 2020-11-20 02:27:58 -03:00
Jonhnathan b274be8d4e Update detection Logic 2020-11-20 02:25:32 -03:00
Jonhnathan c31c0d981a Update detection logic 2020-11-20 02:23:18 -03:00
Jonhnathan 23edcc6dc6 Update win_susp_certutil_command.yml 2020-11-20 02:21:55 -03:00
Jonhnathan 8af17dda5b Update win_spn_enum.yml 2020-11-20 02:17:31 -03:00
Jonhnathan d5cb4246c2 Remove additional backlash 2020-11-20 02:16:51 -03:00
Jonhnathan 28febe5dd2 Update win_apt_chafer_mar18.yml 2020-10-27 23:28:04 -03:00
Jonhnathan 0860978412 Update win_apt_bear_activity_gtr19.yml 2020-10-27 23:26:34 -03:00
Jonhnathan e24e6da3b5 Update win_apt_apt29_thinktanks.yml 2020-10-27 23:24:04 -03:00
Jonhnathan 3f23aa56c0 Revert "Revert "Changed the rule to download only and not the copy"" 
This reverts commit 17e7eee3a6.
 2020-10-16 11:05:51 -03:00
Jonhnathan 0734274dfa Revert "Revert "Create win_susp_replace_lolbin.yml"" 
This reverts commit fdd9234acc.
 2020-10-16 11:05:40 -03:00
Jonhnathan 2332e42e4c Update win_susp_copy_lateral_movement.yml 2020-10-15 21:01:23 -03:00
Jonhnathan d4603d196b Update win_susp_adfind.yml 2020-10-15 21:00:15 -03:00
Jonhnathan f4872118a2 Update win_powershell_dll_execution.yml 2020-10-15 20:38:55 -03:00
Jonhnathan 3566dd1594 Fix 2020-10-15 20:35:50 -03:00
Jonhnathan 44c909a4a4 Update win_apt_mustangpanda.yml 2020-10-15 20:33:00 -03:00
Jonhnathan 5fc348fd45 Fix 2020-10-15 20:32:16 -03:00
Jonhnathan 37ee747dfe Update win_apt_chafer_mar18.yml 2020-10-15 20:30:52 -03:00
Jonhnathan 4adf092a25 Update win_workflow_compiler.yml 2020-10-15 20:00:57 -03:00
Jonhnathan eb9bac761f Update win_wmi_spwns_powershell.yml 2020-10-15 20:00:44 -03:00
Jonhnathan b2e1b857ae Update win_wmi_backdoor_exchange_transport_agent.yml 2020-10-15 20:00:27 -03:00
Jonhnathan 86ad1f45f5 Update win_win10_sched_task_0day.yml 2020-10-15 20:00:13 -03:00
Jonhnathan 630e92f3c2 Update win_webshell_spawn.yml 2020-10-15 19:59:59 -03:00
Jonhnathan 138b8fed06 Update win_webshell_recon_detection.yml 2020-10-15 19:59:36 -03:00
Jonhnathan e402356e82 Update win_webshell_detection.yml 2020-10-15 19:58:37 -03:00
Jonhnathan 2d9233d418 Update win_vul_java_remote_debugging.yml 2020-10-15 19:57:43 -03:00
Jonhnathan d9afa1aec6 Update win_termserv_proc_spawn.yml 2020-10-15 19:57:05 -03:00
Jonhnathan 737fbd1619 Update win_system_exe_anomaly.yml 2020-10-15 19:55:57 -03:00
Jonhnathan 434c6257f0 Update win_susp_wmi_execution.yml 2020-10-15 19:52:25 -03:00
Jonhnathan 7b9ec4709f Update win_susp_whoami.yml 2020-10-15 19:51:55 -03:00
Jonhnathan d09dd70695 Update win_susp_userinit_child.yml 2020-10-15 19:51:42 -03:00
Jonhnathan ad8620f729 Update win_susp_tscon_rdp_redirect.yml 2020-10-15 19:51:05 -03:00
Jonhnathan c38ccefc21 Update win_susp_tscon_localsystem.yml 2020-10-15 19:50:14 -03:00
Jonhnathan 9d8116c486 Update win_susp_taskmgr_parent.yml 2020-10-15 19:50:04 -03:00
Jonhnathan dde03e760b Update win_susp_taskmgr_localsystem.yml 2020-10-15 19:49:47 -03:00
Jonhnathan 4543e18e4e Update win_susp_sysvol_access.yml 2020-10-15 19:49:31 -03:00
Jonhnathan 08a018a2ee Update win_susp_sysprep_appdata.yml 2020-10-15 19:49:12 -03:00
Jonhnathan 4c9124952e Update win_susp_svchost.yml 2020-10-15 19:47:47 -03:00
Jonhnathan 5c7bc4c48a Update win_susp_schtask_creation.yml 2020-10-15 19:47:15 -03:00
Jonhnathan d3f0d25ffb Update win_susp_rundll32_by_ordinal.yml 2020-10-15 19:46:54 -03:00
Jonhnathan 8d471775e0 Update win_susp_regsvr32_anomalies.yml 2020-10-15 19:45:08 -03:00
Jonhnathan cc338507c9 Update win_susp_ps_appdata.yml 2020-10-15 19:43:37 -03:00
Jonhnathan 91fb5cdcd0 Update win_susp_prog_location_process_starts.yml 2020-10-15 19:43:19 -03:00
Jonhnathan 253014ee68 Update win_susp_procdump.yml 2020-10-15 19:42:48 -03:00
Jonhnathan f614ac658f Update win_susp_powershell_parent_combo.yml 2020-10-15 19:42:20 -03:00
Jonhnathan 1feba3a12c Update win_susp_powershell_hidden_b64_cmd.yml 2020-10-15 19:40:23 -03:00