security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,880 Commits 1 Branch 57 Tags
dbf4e053094df9ef4df7ac262a2447bdfd0242e4
Commit Graph

9224 Commits

Author SHA1 Message Date
Nasreddine Bencherchali dbf4e05309 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-02-21 22:16:07 +01:00
Nasreddine Bencherchali 63888f7a53 feat: multiple fixes and updates 2023-02-21 22:15:30 +01:00
phantinuss ecc41ad20b fix: FP with chocolatey 2023-02-21 16:38:05 +01:00
Nasreddine Bencherchali 41e844e0cc fix: add missing modified 2023-02-20 17:08:48 +01:00
Wagga 7387648bb1 Update proc_creation_win_mstsc_remote_connection.yml 2023-02-20 14:13:26 +01:00
Wagga e7492c0f75 Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:51 +01:00
Wagga fae6d7066a Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:12:32 +01:00
Wagga 71b849146c Update proc_creation_win_certutil_export_pfx.yml 2023-02-20 14:11:48 +01:00
Wagga ffc9044b07 Update registry_add_persistence_amsi_providers.yml 2023-02-20 14:11:11 +01:00
Wagga 2d283ff885 Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:10:03 +01:00
Nasreddine Bencherchali b1866adb07 Merge pull request #4049 from nasbench/nasbench-rule-devel 
feat: new rules, updates and fixes
 2023-02-20 13:44:04 +01:00
Qasim Qlf 2ec65de9a2 fix: taskName property 2023-02-20 16:08:53 +05:00
m4nbat ae469ddefe New rules added for LockBit and Reddit used for C2. (#4045) 2023-02-20 12:07:02 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 1d4a6dee3d fix: more fp 2023-02-17 23:23:31 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Yamato Security 9c673bbb15 added other potential IEX strings 2023-02-18 05:51:40 +09:00
Nasreddine Bencherchali ee7d1d9890 feat: add reference 2023-02-17 19:58:26 +01:00
Nasreddine Bencherchali 787ea00ff7 feat: new rule for events.asp technique 2023-02-17 19:41:14 +01:00
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali 164b3a36b6 Merge pull request #4043 from nasbench/certutil-other-updates 
feat: certutil rules updates + other fixes
 2023-02-16 11:45:08 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates 
feat: wmic rules update + other fixes
 2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel 
feat: updates and enhancements
 2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 416c10e0d3 fix: yaml error in description 2023-02-16 11:15:06 +01:00
Nasreddine Bencherchali 4142819114 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-16 11:06:57 +01:00
Nasreddine Bencherchali 362f4e4e60 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-16 11:05:38 +01:00
Nasreddine Bencherchali e2068c5cd0 Merge pull request #4001 from mbabinski/master 
feat: new rule related to Right-to-left override character in the CLI
 2023-02-16 10:54:13 +01:00
Nasreddine Bencherchali 088ff06cc3 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-16 10:46:29 +01:00
Nasreddine Bencherchali e2acd4a276 fix: add missing space 2023-02-16 01:40:01 +01:00
Nasreddine Bencherchali 927affe24a fix: update metadata 2023-02-16 01:39:16 +01:00
Micah Babinski 0634364e5c Updated rule with YAML unicode escaping 2023-02-15 14:54:37 -08:00
Nasreddine Bencherchali f951fc7536 fix: remove unrelated bitsadmin selection 2023-02-15 21:18:38 +01:00
Nasreddine Bencherchali d56da92948 fix: broken selection 2023-02-15 19:58:48 +01:00
Nasreddine Bencherchali 7ec76db26c Merge branch 'master' into wmic-rules-updates 2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali 58e5201317 feat: update bitsadmin rules and other 2023-02-15 19:55:40 +01:00
Nasreddine Bencherchali c168a7ad00 feat: update certutil rules 2023-02-15 19:55:39 +01:00
frack113 e52edb69c4 Merge pull request #4039 from fornotes/master 
Added New Rule for LPE via StorSvc DLL Hijack
 2023-02-15 19:18:39 +01:00
Nasreddine Bencherchali 39e957d7ee fix: update title 2023-02-15 19:11:39 +01:00
Nasreddine Bencherchali 33207aa7ab fix: change link to permalink 2023-02-15 13:37:05 +01:00
Nasreddine Bencherchali 2fd43cbe82 fix: typo in field 2023-02-15 13:27:56 +01:00
Nasreddine Bencherchali c99d1f1876 fix: add some missing fields 2023-02-15 13:25:59 +01:00
fornotes 8876b4ba01 added SprintCSP.dll for StorSvc DLL Hijack 2023-02-15 11:37:18 +00:00
fornotes 96d774babd removed file_event_win_storsvc_dll_hijack.yml 
as suggested by  nasbench
 2023-02-15 11:29:57 +00:00
Nasreddine Bencherchali 5aeedfa813 fix: increase severity 2023-02-14 23:35:09 +01:00
Nasreddine Bencherchali 8506dcaec8 feat: add related field 2023-02-14 23:34:14 +01:00
Nasreddine Bencherchali cbbf443eb5 feat: add localpotato binary rule 2023-02-14 19:57:26 +01:00
Nasreddine Bencherchali 514eeb63fd fix: typo in related field 2023-02-14 19:43:20 +01:00
Nasreddine Bencherchali 7b86bea7ac fix: add missing modified 2023-02-14 19:30:19 +01:00
Nasreddine Bencherchali 2ef681291a feat: more rules updates 2023-02-14 19:30:18 +01:00