Commit Graph

13673 Commits

Author SHA1 Message Date
Florian Roth d7a9fa9e1b Merge pull request #3754 from SigmaHQ/aurora-false-positive-fixing
fix: FPs
2022-12-04 17:54:28 +01:00
Florian Roth 6390915eb0 fix: FPs 2022-12-04 14:36:22 +01:00
frack113 75c6f44f12 Update Workflow (#3752) 2022-12-04 11:18:11 +01:00
Florian Roth e3ba9ee336 Merge pull request #3750 from nasbench/nasbench-rule-devel
feat: general updates and fixes
2022-12-03 14:50:50 +01:00
frack113 3ab7ed6436 Update proc_creation_win_gpg4win_susp_usage.yml 2022-12-03 13:09:50 +01:00
Nasreddine Bencherchali 77b1234572 fix: apply code review changes 2022-12-03 11:55:54 +01:00
frack113 76a624e4a9 Merge pull request #3747 from SigmaHQ/aurora-false-positive-fixing
Aurora false positive fixing
2022-12-03 09:36:55 +01:00
frack113 064132a5a8 Merge pull request #3744 from fukusuket/refactor-remove-unnecessary-escape
refactor: remove unneeded escapes (in `|re` block)
2022-12-03 09:36:09 +01:00
phantinuss cb5c19d696 fix: FPs found in testing env (#3743) 2022-12-03 09:35:34 +01:00
Florian Roth de0561edba Update rules/windows/registry/registry_set/registry_set_creation_service_susp_folder.yml
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-03 09:09:51 +01:00
Nasreddine Bencherchali 0c3a0d4c39 fix: fp metadata 2022-12-02 23:38:18 +01:00
Nasreddine Bencherchali 3c90fb1c33 fix: fix metadata information 2022-12-02 23:22:23 +01:00
Nasreddine Bencherchali b6492e731b feat: general updates and fixes 2022-12-02 23:16:03 +01:00
securepeacock b5e783a6d5 Update and rename proc_creation_win_rundll32_not_from_c_drive.yml to … (#3609)
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 19:44:44 +01:00
frack113 0f3eefdc9c Update title (#3746)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 18:10:43 +01:00
fukusuket ead6831b25 update modified date. 2022-12-02 21:57:37 +09:00
Florian Roth c545af6b47 Merge pull request #3740 from nasbench/add-ref-desc-test
feat: new test for special references case
2022-12-02 13:52:06 +01:00
fukusuket a05742b420 refactor: remove unnecessary escape. 2022-12-02 21:26:45 +09:00
BlueTeamOps b09842f606 Create proc_creation_win_susp_secedit.yml (#3725)
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-12-02 13:21:36 +01:00
Florian Roth 8fd31d5d11 Merge branch 'master' into aurora-false-positive-fixing 2022-12-02 12:18:17 +01:00
Florian Roth 9b5560844f fix: FP with Avast software 2022-12-02 12:18:11 +01:00
fukusuket 7b1d23621c refactor: remove unnecessary escape. 2022-12-02 20:17:39 +09:00
frack113 a674ee246b Update Title (#3739) 2022-11-30 11:44:15 +01:00
Fukusuke Takahashi 76fece654a fix: explicitly escape { to make it clear that it is a literal (#3737) 2022-11-30 11:43:49 +01:00
Nasreddine Bencherchali 25c41ea73c fix: update error message
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-30 10:21:24 +01:00
Nasreddine Bencherchali c2e85f4080 feat: update the test to test for lowercase
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-30 10:06:10 +01:00
phantinuss 82afa90499 Merge pull request #3741 from nasbench/nasbench-rule-devel
feat: new rules, fixes and general updates
2022-11-30 08:51:15 +01:00
Nasreddine Bencherchali d82e3de11c fix: fix empty field in selection 2022-11-30 00:57:38 +01:00
Nasreddine Bencherchali 92965e6f7e fix: fix broken description 2022-11-29 23:43:03 +01:00
Nasreddine Bencherchali 18d974c751 feat: new test for references case 2022-11-29 23:29:38 +01:00
Nasreddine Bencherchali 02e68a3d26 feat: new powertool rule 2022-11-29 23:24:49 +01:00
Nasreddine Bencherchali 04a1d29eac feat: update driver rules 2022-11-29 23:24:34 +01:00
frack113 ae3d7f4389 Merge pull request #3738 from phantinuss/master
fix: FP found in testing
2022-11-29 18:36:49 +01:00
phantinuss 9c8e00fe66 fix: FP found in testing 2022-11-29 16:41:57 +01:00
Nasreddine Bencherchali 1ff75ce60e Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-11-29 16:20:55 +01:00
Nasreddine Bencherchali 1d7ee1cd19 feat: enhance duplicate test (#3736)
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2022-11-29 13:47:09 +01:00
Florian Roth 2ccf5a72cd Merge pull request #3735 from SigmaHQ/rule-devel
fix: some rules using ??? placeholders
2022-11-29 10:40:33 +01:00
Florian Roth b56537bffb fix: some rules using ??? placeholders 2022-11-29 10:31:18 +01:00
jstnk9 647f6dc2ef Update title (#3734) 2022-11-29 07:36:45 +01:00
Nasreddine Bencherchali 81e8acf535 fix: fix fp in testing 2022-11-28 13:19:37 +01:00
Nasreddine Bencherchali 4b9075e557 feat: new rules related to service creation
New service creation rules related to remote software tools
2022-11-28 12:09:00 +01:00
frack113 c820216541 Update Title (#3733) 2022-11-28 06:43:17 +01:00
Aurakal c536b262c9 Create file_event_win_remote_cred_dump.yml (#3732) 2022-11-27 19:31:48 +01:00
frack113 cd4121d966 Update Title (#3731)
Co-authored-by: Florian Roth <venom14@gmail.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2022-11-27 19:19:27 +01:00
jstnk9 3572e9d9ea titles modified (#3730) 2022-11-26 08:49:30 +01:00
frack113 aa07d74f03 Merge pull request #3729 from phantinuss/master
fix: rare case where Image is not populated
2022-11-25 18:19:50 +01:00
Florian Roth afa2adce92 Update proc_creation_win_termserv_proc_spawn.yml 2022-11-25 17:07:52 +01:00
phantinuss f1bd1117e9 fix: rare case where Image is not populated 2022-11-25 16:48:13 +01:00
jstnk9 a573a8e1bc Title modified in several rules (#3728) 2022-11-25 15:34:38 +01:00
Florian Roth 9a8c5a134e Merge pull request #3726 from phantinuss/master
fix: FP in testing environment
2022-11-24 16:59:17 +01:00