blue-team-tools

Author	SHA1	Message	Date
D4rkCiph3r	848a64fa69	Create proc_creation_macos_persistence_via_plistbuddy.yml (#4057 )	2023-02-20 14:15:31 +01:00
D4rkCiph3r	d0af939108	Create proc_creation_macos_enable_guest_account.yml (#4054 )	2023-02-20 14:13:52 +01:00
D4rkCiph3r	f9a73c7a79	Update proc_creation_macos_create_account.yml (#4052 )	2023-02-20 14:13:06 +01:00
Nasreddine Bencherchali	2ae212f5ab	fix: remove unnecessary filter	2023-02-17 21:36:54 +01:00
D4rkCiph3r	c965a8dca0	Update proc_creation_macos_binary_padding.yml Updated the modified field reference link is same, I have a PR in ART Repo for the same, which is yet to be verified, maybe if it's allowed the man pages of "truncate" and "dd" can be referenced Discarding the filter, there should either be "of="(output file) or a redirection or append symbol	2023-02-17 23:16:28 +05:30
D4rkCiph3r	45ff572bd2	Update proc_creation_macos_binary_padding.yml Minor changes	2023-02-17 18:22:26 +05:30
D4rkCiph3r	afc6198da8	Update proc_creation_macos_binary_padding.yml Few minor changes, increasing the precision of the rule and reducing the possible false positives.	2023-02-17 18:05:55 +05:30
Nasreddine Bencherchali	0795ed6469	feat: additional updates and fixes	2023-02-04 21:06:47 +01:00
$frack113$ frack113	9ad58353a7	Update from review	2023-02-01 18:30:45 +01:00
$frack113$ frack113	c1ef84fd66	Merge remote-tracking branch 'upstream/master' into pr/3989	2023-02-01 18:27:51 +01:00
$frack113$ frack113	3d8b82805c	Merge pull request #3992 from D4rkCiph3r/osacompile Create proc_creation_macos_osacompile_run-only_execution.yml	2023-02-01 18:17:00 +01:00
$frack113$ frack113	f121041cf0	Merge pull request #3991 from D4rkCiph3r/macro-osa Create proc_creation_macos_macros_execution.yml	2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali	55f16c3f84	fix: update metadata and logic	2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali	d8b17f1d9f	fix: add ref and update description	2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali	0cddb6194c	Merge pull request #3993 from D4rkCiph3r/patch-1 feat: add new extension to osascript rule	2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali	04227055e4	fix: add reference	2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali	7c38a5c496	chore: add nextron authors tag	2023-02-01 11:14:59 +01:00
$frack113$ frack113	cd58c1baef	fix title case	2023-02-01 06:35:26 +01:00
$frack113$ frack113	26575cc2e0	Update proc_creation_macos_applescript.yml	2023-01-31 17:46:43 +01:00
D4rkCiph3r	596f5471f4	Merge branch 'SigmaHQ:master' into osacompile	2023-01-31 19:22:47 +05:30
D4rkCiph3r	ce577987a2	Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml	2023-01-31 19:20:06 +05:30
D4rkCiph3r	c3b826a76c	Update proc_creation_macos_applescript.yml minor updates to the CLI parameters, based on real-world observations	2023-01-31 19:16:15 +05:30
D4rkCiph3r	440649b087	Create proc_creation_macos_osacompile_run-only_execution.yml	2023-01-31 19:03:35 +05:30
D4rkCiph3r	4c28487480	New Rule for T1115 macOS (#3988 ) feat: add new rule related to osascript reading clipboard	2023-01-31 14:32:08 +01:00
D4rkCiph3r	e4ace3d363	Create proc_creation_macos_macros_execution.yml	2023-01-31 18:48:03 +05:30
D4rkCiph3r	21ac747d36	Update proc_creation_macos_jxa_payoad_execution.yml updated the formats wrt fields structuring	2023-01-31 17:35:27 +05:30
D4rkCiph3r	98250cba9c	Create proc_creation_macos_jxa_payoad_execution.yml	2023-01-31 17:23:24 +05:30
Nasreddine Bencherchali	4006145b8d	fix: filename	2023-01-31 12:53:04 +01:00
Nasreddine Bencherchali	eb26d94c14	fix: order fields and optimize selection	2023-01-31 12:42:20 +01:00
D4rkCiph3r	f67072fddc	Update proc_creation_macos_jxa_in-memory_execution.yml	2023-01-31 16:54:29 +05:30
D4rkCiph3r	87879f69cf	Update proc_creation_macos_jxa_in-memory_execution.yml Indentation corrections and comments	2023-01-31 16:52:17 +05:30
D4rkCiph3r	aa3fa9b7e4	Create proc_creation_macos_jxa_in-memory_execution.yml	2023-01-31 16:06:39 +05:30
TheLawsOfChaos	52e40d10ef	feat: updates multiple mitre tech/sub-tech/tactics (#3913 )	2023-01-12 17:04:38 +01:00
$frack113$ frack113	756a248032	update logsource	2023-01-04 18:52:24 +01:00
Nasreddine Bencherchali	d38195ea31	fix: remove folder start	2022-12-29 11:32:37 +01:00
Nasreddine Bencherchali	425c29cf1c	feat: add new linux rules	2022-12-29 11:17:42 +01:00
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
$frack113$ frack113	c820216541	Update Title (#3733 )	2022-11-28 06:43:17 +01:00
$frack113$ frack113	cd4121d966	Update Title (#3731 ) Co-authored-by: Florian Roth <venom14@gmail.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-11-27 19:19:27 +01:00
jstnk9	a573a8e1bc	Title modified in several rules (#3728 )	2022-11-25 15:34:38 +01:00
Nasreddine Bencherchali	20b0a6bad8	Rule Dev	2022-11-18 11:15:28 +01:00
Gude5	a3e6856764	new rules: Sigma rules based on Elastic rules (#3632 ) Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-10-28 10:13:44 +02:00
$frack113$ frack113	ad3a3e3b71	Order yaml field 4 (#3628 )	2022-10-25 09:30:05 +02:00
$frack113$ frack113	931fb30853	old experimental rule promotion	2022-10-09 16:54:04 +02:00
nasreddine.bencherchali@nextron-systems.com	33271e9034	Quick update	2022-09-16 09:29:45 +02:00
Nasreddine Bencherchali	1392ca1ec5	Fix review	2022-07-11 20:27:42 +01:00
Nasreddine Bencherchali	238e0ecd7d	Update Ref+Selection	2022-07-11 14:11:53 +01:00
Nasreddine Bencherchali	aec95b6d65	Update selections and indentation	2022-07-07 20:13:45 +01:00
Nasreddine Bencherchali	7e25625976	Update 2	2022-07-07 15:46:49 +01:00
Nasreddine Bencherchali	851d55a41f	Update	2022-07-07 15:37:28 +01:00

1 2

57 Commits