Commit Graph

11802 Commits

Author SHA1 Message Date
Mohamed Ashraf dc83671da0 Update proxy_ua_malware.yml 2023-03-27 13:13:16 +02:00
Mohamed Ashraf (X__Junior) e868b66592 Update proxy_ua_malware.yml 2023-03-27 11:10:14 +02:00
Paul Schiffer b83c8aaf60 fix: typo in command line argument (#4140) 2023-03-24 15:46:46 +01:00
Gavin Knapp ec892dec93 feat: new rule proxy_susp_ipfs_cred_harvest.yml (#4113) 2023-03-24 12:29:25 +01:00
phantinuss 85423f784c fix: condition filtering on all filters 2023-03-24 10:59:01 +01:00
phantinuss aa1ab49773 fix: FPs found in testing environment 2023-03-24 10:41:21 +01:00
phantinuss 330b68cac3 Merge pull request #4128 from gs3cl/gesec_winpeas
Update proc_creation_win_hktl_winpeas.yml
2023-03-24 08:40:11 +01:00
gs3cl df54e30ec8 chg author 2023-03-23 20:07:09 +01:00
Nasreddine Bencherchali a504ab6927 fix: add cli option 2023-03-23 15:36:13 +01:00
Nasreddine Bencherchali d48a08c441 fix: update selection choices 2023-03-23 15:30:48 +01:00
Nasreddine Bencherchali d14e287cdf Merge pull request #4134 from nasbench/nasbench-rule-devel
fix: fp found in testing
2023-03-23 12:19:39 +01:00
Nasreddine Bencherchali 07956e26e9 fix: remove version number
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-23 12:11:29 +01:00
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
Nasreddine Bencherchali 0ccef7822e fix: fp found in testing 2023-03-22 20:31:33 +01:00
Mohamed Ashraf 4c3296ce7a feat: new rule related to possible iviewers.dll sideloading (#4131) 2023-03-22 17:54:02 +01:00
xFFninja a0732b0d17 fix: update incorrect event field Accesses (#4133)
This PR fixes the use of an incorrect field name in the rule rules/windows/builtin/security/win_security_exploit_cve_2023_23397_outlook_remote_file_query.yml
2023-03-22 12:21:30 +01:00
Nasreddine Bencherchali bf148ad0ac fix: fp found in testing 2023-03-21 16:32:46 +01:00
D4rkCiph3r da468ec37a feat: new rule proc_creation_macos_add_to_admin_group.yml (#4121) 2023-03-21 11:29:42 +01:00
phantinuss a046b1c33a Merge pull request #4122 from cyb3rjy0t/patch-6
azure_ad_suspicious_signin_bypassingMFA
2023-03-21 09:37:24 +01:00
phantinuss 664d4b7b3e Merge pull request #4125 from X-Junior/new_malware_ua
feat: new malware UA
2023-03-21 08:59:53 +01:00
phantinuss 98ab4bcd6a fix: wording 2023-03-21 08:58:22 +01:00
gs3cl 302b42267f Update proc_creation_win_hktl_winpeas.yml
fix error
2023-03-21 08:26:22 +01:00
gs3cl 1dc81a5455 Update proc_creation_win_hktl_winpeas.yml
- add selection_linpeas_option
- add selection_default_dl
- chg AND to OR for OriginalFileName
2023-03-21 07:52:35 +01:00
tuan a035aa0385 feat: new rule related to process termination using kill (#4112) 2023-03-20 22:04:26 +01:00
Nasreddine Bencherchali b253e8cafc fix: apply suggestions from code review 2023-03-20 22:02:38 +01:00
Nasreddine Bencherchali 556ff56850 Merge pull request #4115 from YamatoSecurity/update-CIDR-rules
fix: FPs on CIDR rules
2023-03-20 21:42:23 +01:00
gs3cl e50d06b687 Update proc_creation_win_hktl_winpeas.yml 2023-03-20 21:31:40 +01:00
Nasreddine Bencherchali eb5d96f270 fix: update modified 2023-03-20 16:44:29 +01:00
Mohamed Ashraf (X__Junior) 87404ea1e1 Update proxy_ua_malware.yml 2023-03-20 17:41:13 +02:00
phantinuss d6b91a9abf fix: file extension (3) 2023-03-20 09:54:28 +01:00
phantinuss 23fc8e1d0c fix: file extension (2) 2023-03-20 09:40:23 +01:00
phantinuss f53e9676bb fix: missing file extension 2023-03-20 08:55:49 +01:00
cyb3rjy0t 14eea4ebcb azure_ad_suspicious_signin_bypassingMFA 2023-03-20 00:41:33 -04:00
Nasreddine Bencherchali b52abdef5c Merge pull request #4120 from leer-ts/master
feat: add new rule related to `CVE-2023-23397` exploitation
2023-03-17 23:39:49 +01:00
Nasreddine Bencherchali 4bcf5b75a7 fix: remove backslash and add example 2023-03-17 23:32:10 +01:00
Nasreddine Bencherchali 4a171ae82d fix: add definition section
Added a definition section to indicate that SACLs are required
2023-03-17 23:26:38 +01:00
Nasreddine Bencherchali cf49c5d509 fix: update rule for SIGMAHQ standard 2023-03-17 23:14:40 +01:00
Qasim Qlf 685c3d7970 fix: detection name word 'activity' (#4119) 2023-03-17 23:11:15 +01:00
leer-ts d456305533 Create win_security_outlook_remote_file.yml 2023-03-17 17:52:12 -04:00
Yamato Security bc8ee0831a revert comments 2023-03-18 04:54:43 +09:00
Yamato Security f05993bbbe update comment 2023-03-18 04:47:42 +09:00
Yamato Security fa472be0fd Update rules/windows/builtin/security/win_security_successful_external_remote_smb_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:25 +09:00
Yamato Security ae8199b9fa Update rules/windows/builtin/security/win_security_successful_external_remote_rdp_login.yml
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-03-18 04:31:01 +09:00
Hieu Tran 0e934bd4b4 feat: new rules related to ZScaler blog - OneNote: A Growing Threat for Malware Distribution (#4111) 2023-03-17 13:00:57 +01:00
frack113 9ce7f083ef feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE (#4116) 2023-03-17 12:56:02 +01:00
Yamato Security 4fc5bd98aa update author line 2023-03-17 08:47:01 +09:00
Florian Roth 0ebbd09ab4 fix: removed unnecessary escapes 2023-03-16 22:54:41 +01:00
Florian Roth e4864b43d2 fix: regular expression 2023-03-16 22:46:08 +01:00
Yamato Security 2600f9781d remove list of 1 2023-03-17 05:05:22 +09:00
Yamato Security dcc38973cd update CIDR rules 2023-03-17 04:26:20 +09:00