Nasreddine Bencherchali
63888f7a53
feat: multiple fixes and updates
2023-02-21 22:15:30 +01:00
Nasreddine Bencherchali
41e844e0cc
fix: add missing modified
2023-02-20 17:08:48 +01:00
Wagga
7387648bb1
Update proc_creation_win_mstsc_remote_connection.yml
2023-02-20 14:13:26 +01:00
Wagga
e7492c0f75
Update proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml
2023-02-20 14:12:51 +01:00
Wagga
fae6d7066a
Update and rename proc_creation_win_apt_cozy_bear_phishing_campaing_indicators.yml to proc_creation_win_apt_cozy_bear_phishing_campaign_indicators.yml
2023-02-20 14:12:32 +01:00
Wagga
71b849146c
Update proc_creation_win_certutil_export_pfx.yml
2023-02-20 14:11:48 +01:00
Nasreddine Bencherchali
b1866adb07
Merge pull request #4049 from nasbench/nasbench-rule-devel
feat: new rules, updates and fixes
2023-02-20 13:44:04 +01:00
Nasreddine Bencherchali
f0afc4cce6
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali
1dba328ddc
fix: add missing modified
2023-02-17 22:52:09 +01:00
Yamato Security
9c673bbb15
added other potential IEX strings
2023-02-18 05:51:40 +09:00
Nasreddine Bencherchali
68c052aab7
feat: updates and fixes
2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali
164b3a36b6
Merge pull request #4043 from nasbench/certutil-other-updates
feat: certutil rules updates + other fixes
2023-02-16 11:45:08 +01:00
Nasreddine Bencherchali
c56f7932e0
Merge pull request #4041 from nasbench/wmic-rules-updates
feat: wmic rules update + other fixes
2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali
151171848a
Merge pull request #4038 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali
416c10e0d3
fix: yaml error in description
2023-02-16 11:15:06 +01:00
Nasreddine Bencherchali
4142819114
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:06:57 +01:00
Nasreddine Bencherchali
362f4e4e60
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 11:05:38 +01:00
Nasreddine Bencherchali
e2068c5cd0
Merge pull request #4001 from mbabinski/master
feat: new rule related to Right-to-left override character in the CLI
2023-02-16 10:54:13 +01:00
Nasreddine Bencherchali
088ff06cc3
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-16 10:46:29 +01:00
Nasreddine Bencherchali
e2acd4a276
fix: add missing space
2023-02-16 01:40:01 +01:00
Nasreddine Bencherchali
927affe24a
fix: update metadata
2023-02-16 01:39:16 +01:00
Micah Babinski
0634364e5c
Updated rule with YAML unicode escaping
2023-02-15 14:54:37 -08:00
Nasreddine Bencherchali
f951fc7536
fix: remove unrelated bitsadmin selection
2023-02-15 21:18:38 +01:00
Nasreddine Bencherchali
d56da92948
fix: broken selection
2023-02-15 19:58:48 +01:00
Nasreddine Bencherchali
7ec76db26c
Merge branch 'master' into wmic-rules-updates
2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali
58e5201317
feat: update bitsadmin rules and other
2023-02-15 19:55:40 +01:00
Nasreddine Bencherchali
c168a7ad00
feat: update certutil rules
2023-02-15 19:55:39 +01:00
Nasreddine Bencherchali
5aeedfa813
fix: increase severity
2023-02-14 23:35:09 +01:00
Nasreddine Bencherchali
8506dcaec8
feat: add related field
2023-02-14 23:34:14 +01:00
Nasreddine Bencherchali
cbbf443eb5
feat: add localpotato binary rule
2023-02-14 19:57:26 +01:00
Nasreddine Bencherchali
514eeb63fd
fix: typo in related field
2023-02-14 19:43:20 +01:00
Nasreddine Bencherchali
2ef681291a
feat: more rules updates
2023-02-14 19:30:18 +01:00
Nasreddine Bencherchali
4f59a13d46
feat: update wmic rules
2023-02-14 19:30:18 +01:00
Nasreddine Bencherchali
568db7bb1e
fix: apply suggestions from code review
2023-02-14 13:24:09 +01:00
Nasreddine Bencherchali
ddf464b9de
fix: add missing modified date
2023-02-14 01:11:42 +01:00
Nasreddine Bencherchali
492e35872c
feat: more updates
2023-02-14 01:08:25 +01:00
Nasreddine Bencherchali
cd345251c3
fix: broken selection
2023-02-14 00:52:52 +01:00
Nasreddine Bencherchali
27aac97639
feat: updates and enhancements
2023-02-14 00:51:20 +01:00
Nasreddine Bencherchali
a79abaaf45
Merge pull request #4033 from qasimqlf/patch-32
feat: add missing `OriginalFileName` field
2023-02-13 14:48:10 +01:00
Qasim Qlf
1adec45ca6
fix: add OriginalFileName (#4032)
2023-02-13 14:40:54 +01:00
Qasim Qlf
ab611c29ba
fix: updated condition (#4031)
2023-02-13 14:37:33 +01:00
Qasim Qlf
7b435afa4d
feat: add missing OriginalFileName field
2023-02-11 23:04:18 +05:00
Nasreddine Bencherchali
095b41370f
Merge pull request #4027 from nasbench/nasbench-rule-devel
feat: updates and enhancements
2023-02-10 10:59:14 +01:00
Nasreddine Bencherchali
5e3aae4970
fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-02-10 10:38:45 +01:00
Nasreddine Bencherchali
5f6258fe57
fix: add missing modified
2023-02-10 00:48:13 +01:00
Nasreddine Bencherchali
82cde0e10c
feat: update rules related to onenote and more
2023-02-10 00:40:16 +01:00
Abe
bea7614718
Remove Trailing space
The trailing space causes this rule not to trigger when the extension is used (cmd.exe), e.g.:
CommandLine: "C:\Windows\system32\cmd.exe" /r < "C:\Users\Administrator\desktop\test.txt"
2023-02-09 18:07:56 -05:00
Nasreddine Bencherchali
c4d8be3780
fix: duplicate titles
2023-02-09 16:06:09 +01:00
Nasreddine Bencherchali
da012ad80d
fix: resolves #4014
2023-02-09 15:48:13 +01:00
Qasim Qlf
c8c32bf1d4
feat: add missing OriginalFileName field (#4026)
Add missing 'rundll32' OriginalFileName field to some process creation rules
2023-02-09 15:09:23 +01:00