blue-team-tools

Author	SHA1	Message	Date
SethHanford	df4fa62bca	Merge PR #4380 from @SethHanford - Lnx container discovery new: Container Residence Discovery Via Proc Virtual FS new: Docker Container Discovery Via Dockerenv Listing new: Potential Container Discovery Via Inodes Listing --------- Co-authored-by: Seth Hanford <shanford@seth-mba.local> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-24 13:04:25 +02:00
Nasreddine Bencherchali	67d1036566	Merge pull request #4390 from @nasbench - CVE-2023-36874 new: Potential CVE-2023-36874 Exploitation - Uncommon Report.Wer Location new: Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation new: Potential CVE-2023-36874 Exploitation - Fake Wermgr Execution new: Suspicious Execution Location Of Wermgr.EXE - split from 396f6630-f3ac-44e3-bfc8-1b161bc00c4e update: Potential Defense Evasion Via Rename Of Highly Relevant Binaries - enhanced child process list update: Suspicious Child Process Of Wermgr.EXE - update title fix: SCR File Write Event - update modifier --------- Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-24 12:50:57 +02:00
Daniel Bohannon	3ce631af50	Merge pull request #4294 from @danielbohannon - Permiso p0-LUCR-1 (aka GUI-vil) new: AWS IAM S3Browser Templated S3 Bucket Policy Creation --------- Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-24 12:21:34 +02:00
securepeacock	291ca18d22	Merge pull request #4389 from @securepeacock chore: Dynamic .NET Compilation Via Csc.EXE - add new reference	2023-08-23 18:59:03 +02:00
securepeacock	bad3152ac3	Merge pull request #4388 from @securepeacock chore: Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE - add new reference	2023-08-23 18:52:22 +02:00
gleeiamglo	832c15a4c9	Merge pull request #4384 from @gleeiamglo new: Anonymous IP Address --------- Co-authored-by: gllee <gllee@microsoft.com> Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2023-08-23 14:45:56 +02:00
phantinuss	2a2db295ce	Merge pull request #4155 from D4rkCiph3r/patch-5 Update proc_creation_macos_add_to_admin_group.yml	2023-08-23 08:57:45 +02:00
phantinuss	ea5db35a52	Merge pull request #4127 from D4rkCiph3r/in-memory-payload Create proc_creation_macos_in-memory_payload_transfer.yml	2023-08-23 08:57:23 +02:00
Nasreddine Bencherchali	22f98bb3d8	Merge pull request #4365 from Mladia/patch-1 Update lnx_auditd_masquerading_crond.yml	2023-08-22 18:53:52 +02:00
Nasreddine Bencherchali	b34f098b0d	Update lnx_auditd_masquerading_crond.yml	2023-08-22 18:36:03 +02:00
Nasreddine Bencherchali	d53f063141	feat: update metadata	2023-08-22 18:22:05 +02:00
Nasreddine Bencherchali	32800437c9	Update proc_creation_macos_dseditgroup_add_to_admin_group.yml	2023-08-22 17:55:17 +02:00
Nasreddine Bencherchali	0f1f792ef9	chore: split rules	2023-08-22 17:48:06 +02:00
Nasreddine Bencherchali	68f843ce2c	Merge pull request #4300 from gr00T0x/jamf feat: add rules related to jamf usage and potential abuse	2023-08-22 15:38:35 +02:00
Nasreddine Bencherchali	7881df8591	Merge pull request #4055 from D4rkCiph3r/root_enable feat: add new to enable root account via dsenableroot	2023-08-22 15:10:26 +02:00
Nasreddine Bencherchali	ae71649ff5	Update rules/macos/process_creation/proc_creation_macos_jamf_susp_child.yml	2023-08-22 15:09:42 +02:00
phantinuss	785ea520dd	fix: wording	2023-08-22 14:56:25 +02:00
phantinuss	9cb0c4d1ac	fix: wording	2023-08-22 14:55:30 +02:00
Nasreddine Bencherchali	b14769e684	feat: update metadata & logic	2023-08-22 14:34:20 +02:00
Nasreddine Bencherchali	006b120859	Merge pull request #4374 from mbabinski/master feat: add search(-ms)/WebDAV abuse rules	2023-08-22 13:51:29 +02:00
Nasreddine Bencherchali	4e75c3b2dc	feat: update detection & metadata	2023-08-22 13:51:14 +02:00
phantinuss	f9893202e5	fix: IPv6 prefix	2023-08-22 13:17:40 +02:00
phantinuss	bc2e0a54e8	fix: level Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2023-08-22 11:43:40 +02:00
phantinuss	24e7333f15	fix: typo	2023-08-22 11:43:04 +02:00
Nasreddine Bencherchali	89c6ea2ef0	Update rules/web/proxy_generic/proxy_webdav_search_ms.yml Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-22 11:42:08 +02:00
Nasreddine Bencherchali	201066947b	feat: update detection & metadata	2023-08-22 11:00:55 +02:00
Nasreddine Bencherchali	e13510ffa7	Merge pull request #4382 from nasbench/new-rules-august-23 feat: new rules and updates	2023-08-18 15:45:00 +02:00
Nasreddine Bencherchali	3abede2a1c	Update rules/windows/process_creation/proc_creation_win_bginfo_uncommon_child_process.yml	2023-08-18 15:15:52 +02:00
Nasreddine Bencherchali	360475d6ff	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-08-18 15:15:26 +02:00
Nasreddine Bencherchali	be9abb9364	feat: update cl diag script rules	2023-08-17 19:26:21 +02:00
Nasreddine Bencherchali	c39581217a	feat: update rules using file sharing domains	2023-08-17 13:39:59 +02:00
Nasreddine Bencherchali	8aabf25831	Update registry_event_hybridconnectionmgr_svc_installation.yml	2023-08-17 11:21:56 +02:00
$frack113$ frack113	ce7d680d95	Refractor registry_set rules Signed-off-by: frack113 <magicfrancois@gmail.com>	2023-08-17 09:03:30 +02:00
$frack113$ frack113	bb2aea7c4d	Refractor registry_set rules Signed-off-by: frack113 <magicfrancois@gmail.com>	2023-08-17 08:57:52 +02:00
Nasreddine Bencherchali	f21e54e206	feat: update bginfo rules	2023-08-16 21:52:52 +02:00
Nasreddine Bencherchali	802fbd4aa4	Merge branch 'SigmaHQ:master' into new-rules-august-23	2023-08-15 16:20:35 +02:00
Nasreddine Bencherchali	99387042c6	feat: update bash lolbin rules	2023-08-15 16:20:14 +02:00
phantinuss	594d3d86ed	revert trigger error for new test	2023-08-15 13:24:57 +02:00
phantinuss	21c433937d	trigger error for new test	2023-08-15 13:22:09 +02:00
Nasreddine Bencherchali	de8f7d4bbb	Merge branch 'master' of https://github.com/SigmaHQ/sigma into pr/4367	2023-08-15 10:34:11 +02:00
Nasreddine Bencherchali	967f31b241	feat: aspnet compile + agentexecutor rename	2023-08-14 14:38:25 +02:00
Nasreddine Bencherchali	2e9bba557d	feat: add mfdetours unsigned sideload	2023-08-14 09:43:11 +02:00
Nasreddine Bencherchali	cac07b8ecd	Merge pull request #4379 from swachchhanda000/lolbas_msedge_and_teams feat: enhance ftp lolbin rule and fix fp with vsto rule	2023-08-11 14:10:00 +02:00
Nasreddine Bencherchali	0a5d38140d	fix: remove already covered rules and fix metadata	2023-08-11 12:55:33 +02:00
Swachchhanda Poudel	32e0100af2	Added two new lolbas rules and slight modifications on exisiting rules	2023-08-11 16:28:46 +05:45
Nasreddine Bencherchali	52f9569284	Merge pull request #4378 from MarkMorow/master	2023-08-10 16:06:10 +02:00
Nasreddine Bencherchali	fff8191d65	Merge pull request #4377 from nasbench/new-rules-august-23 feat: new rules & updates	2023-08-10 11:56:34 +02:00
Nasreddine Bencherchali	2259a57b9b	fix: duplicate ids and missing selections	2023-08-10 11:20:34 +02:00
Nasreddine Bencherchali	aab060e642	Merge branch 'master' of https://github.com/SigmaHQ/sigma into pr/4376	2023-08-10 10:20:03 +02:00
$frack113$ frack113	450b619c13	Change field name in detection	2023-08-10 06:21:38 +02:00

1 2 3 4 5 ...

12281 Commits