Ryan Plas
1d40f1d20b
Merge PR #4893 from @ryanplasma - Update Microsoft references URLs
chore: update Microsoft references link to use the "learn" subdomain instead of "docs".
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Thanks: @ryanplasma
2024-07-02 12:00:11 +02:00
github-actions[bot]
47085e9489
Merge PR #4891 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-07-01 10:42:32 +02:00
github-actions[bot]
d84959e50f
Merge PR #4867 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-06-03 10:29:22 +02:00
github-actions[bot]
f7ec533704
Merge PR #4841 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from "experimental" to "test"
2024-05-02 10:34:25 +02:00
signalblur
86ca651ea6
Merge PR #4801 from @signalblur - Add Pnscan rule
new: Pnscan Binary Data Transmission Activity
---------
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2024-04-16 14:36:41 +02:00
github-actions[bot]
a8e1ecd658
Merge PR #4791 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2024-04-01 15:14:10 +02:00
Josh
68511f711f
Merge PR #4759 from @joshnck - Add new rules covering incoming TeamViewer connection activity
new: Remote Access Tool - Team Viewer Session Started On Linux Host
new: Remote Access Tool - Team Viewer Session Started On MacOS Host
new: Remote Access Tool - Team Viewer Session Started On Windows Host
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-15 21:41:29 +01:00
frack113
48baf1187b
Merge PR #4752 from @frack113 - Update rules to use the windash modifier
update: File Enumeration Via Dir Command - Update logic to use a wildcard in addition, for better accuracy.
chore: update multiple rules to use the windash modifier
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2024-03-11 12:01:30 +01:00
github-actions[bot]
0108cdc344
Merge PR #4745 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
2024-03-01 15:38:35 +01:00
github-actions[bot]
367ebd9395
Merge PR #4700 from @nasbench - Promote older rules status from experimental to test
chore: promote older rules status from experimental to test
2024-02-01 02:09:31 +01:00
skaynum
fade537547
Merge PR #4592 from @skaynum - Create Rule to detect Linux Process Code Injection
new: Potential Linux Process Code Injection Via DD Utility
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-12-01 19:29:03 +01:00
github-actions[bot]
ae960f0881
Merge PR #4611 from @nasbench - Promote Older Rules Status From experimental To test
chore: promote older rules status from experimental to test
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2023-12-01 12:50:36 +01:00
github-actions[bot]
a6e7cce606
Merge PR #4533 from @nasbench - Promote experimental rules
chore: promote older rules status from `experimental` to `test`
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-11-02 10:48:45 +01:00
Wagga
8bf3282194
Merge PR #4524 from @wagga40 - Fix Typos In Metadata Fields
update: Registry Persistence via Service in Safe Mode - Fix typo in title
chore: Fix multiple typos in metadata fields and comments
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-10-28 13:15:09 +02:00
gs3cl
7071370989
Merge PR #4508 from @gs3cl - Update Hacktool and Network Scanner Linux Rules
update: Linux HackTool Execution - Increase coverage by adding more tools
update: Linux Network Service Scanning Tools Execution - Increase coverage by adding more tools
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-10-28 12:40:22 +02:00
Nasreddine Bencherchali
95793d73bd
Merge PR #4482 From @nasbench - Add New Automation Workflows
chore: update workflows and add quality of life updates and automation to the repository
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-10-18 11:53:44 +02:00
frack113
020fc8061f
Merge PR #4479 From @frack113 - Upgrade Rules Status
chore: Upgrade status level from `experimental` to `test` for rules that have not changed in 300 days
---------
Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2023-10-17 14:35:26 +02:00
kidrek
e738fff0a3
Merge PR #4425 from @kidrek - ESXi Syslog Configuration Change Via ESXCLI
new: ESXi Syslog Configuration Change Via ESXCLI
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-09-07 15:49:06 +02:00
kidrek
b177b1e46b
Merge PR #4424 from @kidrek - Account Creation Via ESXCLI
new: ESXi Account Creation Via ESXCLI
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-09-06 11:43:21 +02:00
kidrek
359292e572
Merge PR #4396 from @kidrek - Add New Rules Related To ESXCLI Usage
new: ESXi Network Configuration Discovery Via ESXCLI
new: ESXi Admin Permission Assigned To Account Via ESXCLI
new: ESXi Storage Information Discovery Via ESXCLI
new: ESXi System Information Discovery Via ESXCLI
new: ESXi VM List Discovery Via ESXCLI
new: ESXi VM Kill Via ESXCLI
new: ESXi VSAN Information Discovery Via ESXCLI
---------
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-09-06 11:42:23 +02:00
Tessa Georgen
60b8e9b70f
Merge PR #4392 from @tjgeorgen - Update MITRE Tags
- update: update MITRE tags for multiple rules
---------
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-08-28 16:53:27 +02:00
SethHanford
df4fa62bca
Merge PR #4380 from @SethHanford - Lnx container discovery
new: Container Residence Discovery Via Proc Virtual FS
new: Docker Container Discovery Via Dockerenv Listing
new: Potential Container Discovery Via Inodes Listing
---------
Co-authored-by: Seth Hanford <shanford@seth-mba.local>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-08-24 13:04:25 +02:00
Nasreddine Bencherchali
1e0fb02ef7
Update proc_creation_lnx_ssm_agent_abuse.yml
2023-08-04 00:09:48 +02:00
z00t
d854c66616
Title has been updated to avoid duplication.
2023-08-03 19:38:29 +05:00
z00t
5c0f48ae55
New rule created for Linux OS.
2023-08-03 18:35:12 +05:00
Nasreddine Bencherchali
44e0625360
fix: update rules for tests
2023-06-19 09:24:18 +02:00
Nasreddine Bencherchali
22628faaf0
feat: add rules related to Barracuda ESG exploitation
2023-06-18 22:14:57 +02:00
jstnk9
04cf7e9ea3
feat: new linux rules related to GobRAT malware (#4272)
2023-06-02 15:49:43 +02:00
dan21san
331a65103f
feat: add new rule related to linux sensitive file tampering (#4263)
2023-05-30 16:23:19 +02:00
kidrek
239afc945d
fix: update curl rules flags to use regex (#4213)
2023-05-03 10:16:01 +02:00
dan21san
4b8f70fb97
feat: add new rules related to linux reverse shells (#4166)
2023-04-25 11:03:11 +02:00
tareq-alkhatib
999cd5763a
chore: split selection clause into two (#4160)
2023-04-05 05:04:54 +02:00
tuan
a035aa0385
feat: new rule related to process termination using kill (#4112)
2023-03-20 22:04:26 +01:00
tuan
2a1124e95e
feat: new rules Linux Package Uninstall (#4098)
2023-03-13 00:04:53 +01:00
Nasreddine Bencherchali
e3503d5d60
feat: more updates
2023-03-06 00:39:26 +01:00
Wagga
273fdb9985
fix: typos in multiple rules (#4011)
2023-02-06 13:53:23 +01:00
Nasreddine Bencherchali
7c38a5c496
chore: add nextron authors tag
2023-02-01 11:14:59 +01:00
frack113
66700a69e2
Merge pull request #3994 from ionsor/patch-8
Update proc_creation_lnx_hack_tools.yml
2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali
2684f0f63c
fix: remove unnecessary entry
2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali
412efdad03
fix: update selection
2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali
164ee358c3
fix: update modified date
2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali
6a337151d1
feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 17:11:18 +01:00
Feathers
8f6242c35f
Update proc_creation_lnx_hack_tools.yml
Added Linpeas, a privilege escalation script, to the list of hacking tools.
2023-01-31 17:01:17 +01:00
Nasreddine Bencherchali
33952874f1
fix: update selection
2023-01-31 14:14:50 +01:00
Nasreddine Bencherchali
e158d6c1eb
feat: add shadow file
2023-01-31 12:25:33 +01:00
Nasreddine Bencherchali
6a65920dd6
feat: new rules from blackberry
2023-01-31 00:38:06 +01:00
frack113
1033b3f404
change status to test
2023-01-27 06:48:34 +01:00
Nasreddine Bencherchali
7d2b70cb91
feat: add bpf related rules
2023-01-25 01:14:49 +01:00
Nasreddine Bencherchali
1c0bf6e262
feat: update windows firewall rules
2023-01-17 19:01:37 +01:00
Nasreddine Bencherchali
85fb255bc9
feat: new rules and updates
2023-01-17 01:00:44 +01:00