dbf4e05309
Merge branch 'SigmaHQ:master' into nasbench-rule-devel
2023-02-21 22:16:07 +01:00
63888f7a53
feat: multiple fixes and updates
2023-02-21 22:15:30 +01:00
b4f8a7a118
Merge pull request #4064 from fukusuket/fix-sigmac-conversion-error-with-base64offset-contains-rule
...
fix: sigmac conversion error with `base64offset|contains` rule
2023-02-21 21:33:22 +01:00
b246439c75
Merge pull request #4065 from phantinuss/master
...
FP fix + cti submodule update
2023-02-21 16:52:33 +01:00
2530cd72de
chore: update submodule cti
2023-02-21 16:38:33 +01:00
ecc41ad20b
fix: FP with chocolatey
2023-02-21 16:38:05 +01:00
f710664dc0
fix: sigmac conversion error with base64offset|contains rule
2023-02-21 21:53:05 +09:00
3085a4025a
Update PULL_REQUEST_TEMPLATE.md
2023-02-20 19:37:30 +01:00
0a734bde8c
Merge pull request #4061 from wagga40/master
...
Typo correction
2023-02-20 17:29:48 +01:00
41e844e0cc
fix: add missing modified
2023-02-20 17:08:48 +01:00
848a64fa69
Create proc_creation_macos_persistence_via_plistbuddy.yml ( #4057 )
2023-02-20 14:15:31 +01:00
d0af939108
Create proc_creation_macos_enable_guest_account.yml ( #4054 )
2023-02-20 14:13:52 +01:00
7387648bb1
Update proc_creation_win_mstsc_remote_connection.yml
2023-02-20 14:13:26 +01:00
f9a73c7a79
Update proc_creation_macos_create_account.yml ( #4052 )
2023-02-20 14:13:06 +01:00
e7492c0f75
Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml
2023-02-20 14:12:51 +01:00
fae6d7066a
Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml
2023-02-20 14:12:32 +01:00
71b849146c
Update proc_creation_win_certutil_export_pfx.yml
2023-02-20 14:11:48 +01:00
ffc9044b07
Update registry_add_persistence_amsi_providers.yml
2023-02-20 14:11:11 +01:00
2d283ff885
Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml
2023-02-20 14:10:03 +01:00
cbc9a10eba
Update java_xxe_exploitation_attempt.yml
2023-02-20 14:08:28 +01:00
b1866adb07
Merge pull request #4049 from nasbench/nasbench-rule-devel
...
feat: new rules, updates and fixes
2023-02-20 13:44:04 +01:00
ef68f4b116
Merge pull request #4050 from nasbench/pr-issue-templates
...
feat: add PULL_REQUEST_TEMPLATE.md
2023-02-20 13:18:49 +01:00
d86e5122cf
Merge pull request #4060 from qasimqlf/patch-33
...
fix: typo in taskName property
2023-02-20 12:16:26 +01:00
2ec65de9a2
fix: taskName property
2023-02-20 16:08:53 +05:00
ae469ddefe
New rules added for LockBit and Reddit used for C2. ( #4045 )
2023-02-20 12:07:02 +01:00
f0afc4cce6
fix: apply suggestions from code review
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-02-20 12:06:37 +01:00
5ab9b790b7
fix: typo
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-02-20 11:29:45 +01:00
4921fa3494
Update PULL_REQUEST_TEMPLATE.md
2023-02-20 10:57:41 +01:00
e327427f13
Merge pull request #4048 from YamatoSecurity/update-powershell-usage-of-base64-IEX
...
added other potential IEX strings
2023-02-18 07:13:14 +01:00
a0236b669a
Create PULL_REQUEST_TEMPLATE.md
2023-02-18 00:35:11 +01:00
1d4a6dee3d
fix: more fp
2023-02-17 23:23:31 +01:00
6a0b38291f
fix: fp found in baseline
2023-02-17 23:16:42 +01:00
1dba328ddc
fix: add missing modified
2023-02-17 22:52:09 +01:00
9c673bbb15
added other potential IEX strings
2023-02-18 05:51:40 +09:00
db23238016
Merge pull request #4047 from D4rkCiph3r/patch-2
...
Update proc_creation_macos_binary_padding.yml
2023-02-17 21:50:57 +01:00
2ae212f5ab
fix: remove unnecessary filter
2023-02-17 21:36:54 +01:00
ee7d1d9890
feat: add reference
2023-02-17 19:58:26 +01:00
787ea00ff7
feat: new rule for events.asp technique
2023-02-17 19:41:14 +01:00
c965a8dca0
Update proc_creation_macos_binary_padding.yml
...
Updated the modified field
reference link is same, I have a PR in ART Repo for the same, which is yet to be verified, maybe if it's allowed the man pages of "truncate" and "dd" can be referenced
Discarding the filter, there should either be "of="(output file) or a redirection or append symbol
2023-02-17 23:16:28 +05:30
68c052aab7
feat: updates and fixes
2023-02-17 17:51:44 +01:00
45ff572bd2
Update proc_creation_macos_binary_padding.yml
...
Minor changes
2023-02-17 18:22:26 +05:30
afc6198da8
Update proc_creation_macos_binary_padding.yml
...
Few minor changes, increasing the precision of the rule and reducing the possible false positives.
2023-02-17 18:05:55 +05:30
164b3a36b6
Merge pull request #4043 from nasbench/certutil-other-updates
...
feat: certutil rules updates + other fixes
2023-02-16 11:45:08 +01:00
c56f7932e0
Merge pull request #4041 from nasbench/wmic-rules-updates
...
feat: wmic rules update + other fixes
2023-02-16 11:38:16 +01:00
151171848a
Merge pull request #4038 from nasbench/nasbench-rule-devel
...
feat: updates and enhancements
2023-02-16 11:30:15 +01:00
416c10e0d3
fix: yaml error in description
2023-02-16 11:15:06 +01:00
4142819114
fix: apply suggestions from code review
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-02-16 11:06:57 +01:00
362f4e4e60
fix: apply suggestions from code review
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-02-16 11:05:38 +01:00
e2068c5cd0
Merge pull request #4001 from mbabinski/master
...
feat: new rule related to Right-to-left override character in the CLI
2023-02-16 10:54:13 +01:00
088ff06cc3
fix: apply suggestions from code review
...
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com >
2023-02-16 10:46:29 +01:00
Nasreddine Bencherchali