security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,779 Commits 1 Branch 57 Tags
da54e89f3045fdf23daa2dbdfd712aceb393ae90
Commit Graph

67 Commits

Author SHA1 Message Date
Florian Roth 5625f471d7 Merge pull request #963 from diskurse/rule-devel 
win_webshell_regeorg.yml
 2020-08-03 13:51:16 +02:00
Florian Roth 3abc3d0a76 docs: add FP condition 2020-08-03 13:50:47 +02:00
Florian Roth 6f7aecbe06 fix: preventive change to avoid FPs 2020-08-03 13:49:52 +02:00
Cian Heasley de33b953ba Add files via upload 
Webshell ReGeorg Detection Via Web Logs
 2020-08-03 12:20:04 +01:00
Ryan Plas 3bb45f00af Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values 2020-07-11 00:00:21 -04:00
Florian Roth 129925ce0b rule: improved Citrix rule 2020-07-10 18:15:35 +02:00
Florian Roth 383953c74e rule: better rule name and descriptions, plus MITRE ATT&CK tags 2020-07-10 17:55:13 +02:00
Florian Roth 0d89208242 rule: updated Citrix rule 2020-07-10 17:49:18 +02:00
Florian Roth eda08e3a89 rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 2020-07-10 17:45:11 +02:00
Florian Roth acfe20aa34 rule: extended F5 BIG-IP exploitation detection rule 2020-07-07 21:45:08 +02:00
Florian Roth 13ab00f744 improved F5 BIG-IP rule based on private feedback 2020-07-05 16:21:48 +02:00
Florian Roth fbe6c0e7d9 improved F5 BIG-IP rule 2020-07-05 13:29:30 +02:00
Florian Roth f079d0f915 rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt 
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
 2020-07-05 13:18:53 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth cdf1ade625 fix: typo in selection 2020-05-26 12:27:16 +02:00
Florian Roth 828484d7c6 rule: confluence exploit CVE-2019-3398 2020-05-26 12:09:41 +02:00
neu5ron b575df8cd7 use the taxonomy for http response which is sc-status 2020-03-14 15:02:33 -04:00
neu5ron 4cd99e71bf use the taxonomy which states to use c-uri instead of c-uri-path 2020-03-14 15:02:06 -04:00
neu5ron d212d43acf spelling 2020-03-14 14:58:25 -04:00
Florian Roth 15a400ac51 fix: fixing bug in rule 2020-02-29 15:51:00 +01:00
Florian Roth fa6458b70f rule: two rules to detect CVE-2020-0688 exploitation 2020-02-29 15:45:45 +01:00
Remco Hofman 4f45e14a56 Match on c-uri instead of c-uri-path 2020-02-27 13:23:25 +01:00
Remco Hofman ff35eb0052 Title capitalization 2020-02-27 12:56:56 +01:00
Remco Hofman 72e34d2aa5 CVE 2020-0688 Exploit attempt rule 2020-02-27 12:51:10 +01:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
2d4d e35ebcc185 complete_cve_2019-19781 2020-01-15 21:59:33 +01:00
Florian Roth 5ef64e4e99 rule: changes at Shitrix rule 2020-01-13 20:15:08 +01:00
2d4d 364e859a6b add newbm.pl 2020-01-12 00:29:10 +01:00
Florian Roth a29c832b6a rule: updated netscaler rule 2020-01-07 14:42:16 +01:00
Florian Roth c9a75a8371 fix: shortened path in Citrix Netscaler rule 2020-01-07 13:00:28 +01:00
2d4d 35fbdd1248 add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 01:48:29 +01:00
2d4d b98e57603e add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 00:34:52 +01:00
Florian Roth fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
James Ahearn eae7e3ab10 Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00
Florian Roth 8c4b21f063 Rule: Apache threading errors 2019-01-22 08:49:10 +01:00
Thomas Patzke 81515b530c ATT&CK tagging QA 2018-09-20 12:44:44 +02:00
megan201296 525326d15f Fix typo 2018-09-06 20:20:11 -05:00
Florian Roth 1134051fba Update web_cve_2018_2894_weblogic_exploit.yml 
Ah, we could do it this way *.js*
 2018-07-23 06:19:25 -06:00
Florian Roth 03a64cca74 Update web_cve_2018_2894_weblogic_exploit.yml 
We try to avoid false positives
 2018-07-23 06:18:38 -06:00
MATTHEW CARR dfb77e936d Update web_cve_2018_2894_weblogic_exploit.yml 
To detect all possible extensions .jspx, .jsw, .jsv, and .jspf
 2018-07-23 07:41:47 +02:00
Florian Roth 0f1b440b91 Rule: widened the CVE-2018-2894 WebLogic rule 
https://twitter.com/lo_security/status/1021148314308358144
 2018-07-22 20:36:10 -06:00
Florian Roth ffb0cf5ed5 Rule: CVE-2018-2894 Oracle WebLogic exploit and webshell drop 2018-07-22 15:09:45 -06:00
SherifEldeeb 48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb 112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Thomas Patzke 9adaf4c411 Cleanup 2017-12-07 16:21:02 +01:00
Björn Kimminich 8a8387c43e SQL Injection error message patterns 
Rule file that detects error messages from different DB providers that would occur during SQL Injection probing
 2017-11-27 22:52:17 +01:00
Thomas Patzke 6b8a5aea4a Added vhost field to web rules 2017-09-17 00:20:17 +02:00
Thomas Patzke 986c9ff9b7 Added field names to first rules 2017-09-12 23:54:04 +02:00