security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
4,110 Commits 1 Branch 57 Tags
e78d7e6aeefdfd6965705bb769cf5fb983eef4f7
Commit Graph

80 Commits

Author SHA1 Message Date
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth 9c8e1387a9 rule: Solarwinds SUPERNOVA web shell access 2020-12-17 09:05:08 +01:00
Florian Roth cfe60d180b Merge pull request #1301 from d4rk-d4nph3/master 
Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.
 2020-12-08 11:09:51 +01:00
Florian Roth 2c642c64d2 Removed a value 2020-12-08 10:38:32 +01:00
Florian Roth a87a81d8cc Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml 2020-12-08 10:33:52 +01:00
Bhabesh Rai 3ddf940812 Added rule for Fortinet CVE-2018-13379 preauth file read exploitation. 2020-12-08 14:46:47 +05:45
mat b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Florian Roth 908023fa66 rule: added second expression 2020-11-04 16:43:35 +01:00
Florian Roth f848bb912c rule: reworked weblogic CVE-2020-14882 rule 2020-11-03 10:39:40 +01:00
Florian Roth dd0d1d053c rule: WebLogic exploit CVE-2020-14882 2020-11-02 11:11:37 +01:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov cf011e4a00 Removed duplicate key 'modified' 2020-09-03 17:12:37 +03:00
Alexey Lednyov 1eb675f693 att&ck tags review: web, network/zeek 2020-09-03 17:06:37 +03:00
Florian Roth 5625f471d7 Merge pull request #963 from diskurse/rule-devel 
win_webshell_regeorg.yml
 2020-08-03 13:51:16 +02:00
Florian Roth 3abc3d0a76 docs: add FP condition 2020-08-03 13:50:47 +02:00
Florian Roth 6f7aecbe06 fix: preventive change to avoid FPs 2020-08-03 13:49:52 +02:00
Cian Heasley de33b953ba Add files via upload 
Webshell ReGeorg Detection Via Web Logs
 2020-08-03 12:20:04 +01:00
Ryan Plas 3bb45f00af Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values 2020-07-11 00:00:21 -04:00
Florian Roth 129925ce0b rule: improved Citrix rule 2020-07-10 18:15:35 +02:00
Florian Roth 383953c74e rule: better rule name and descriptions, plus MITRE ATT&CK tags 2020-07-10 17:55:13 +02:00
Florian Roth 0d89208242 rule: updated Citrix rule 2020-07-10 17:49:18 +02:00
Florian Roth eda08e3a89 rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 2020-07-10 17:45:11 +02:00
Florian Roth acfe20aa34 rule: extended F5 BIG-IP exploitation detection rule 2020-07-07 21:45:08 +02:00
Florian Roth 13ab00f744 improved F5 BIG-IP rule based on private feedback 2020-07-05 16:21:48 +02:00
Florian Roth fbe6c0e7d9 improved F5 BIG-IP rule 2020-07-05 13:29:30 +02:00
Florian Roth f079d0f915 rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt 
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
 2020-07-05 13:18:53 +02:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth cdf1ade625 fix: typo in selection 2020-05-26 12:27:16 +02:00
Florian Roth 828484d7c6 rule: confluence exploit CVE-2019-3398 2020-05-26 12:09:41 +02:00
neu5ron b575df8cd7 use the taxonomy for http response which is sc-status 2020-03-14 15:02:33 -04:00
neu5ron 4cd99e71bf use the taxonomy which states to use c-uri instead of c-uri-path 2020-03-14 15:02:06 -04:00
neu5ron d212d43acf spelling 2020-03-14 14:58:25 -04:00
Florian Roth 15a400ac51 fix: fixing bug in rule 2020-02-29 15:51:00 +01:00
Florian Roth fa6458b70f rule: two rules to detect CVE-2020-0688 exploitation 2020-02-29 15:45:45 +01:00
Remco Hofman 4f45e14a56 Match on c-uri instead of c-uri-path 2020-02-27 13:23:25 +01:00
Remco Hofman ff35eb0052 Title capitalization 2020-02-27 12:56:56 +01:00
Remco Hofman 72e34d2aa5 CVE 2020-0688 Exploit attempt rule 2020-02-27 12:51:10 +01:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Florian Roth efd3af0812 fix: fixed missing date fields in other files 2020-01-30 15:32:39 +01:00
2d4d e35ebcc185 complete_cve_2019-19781 2020-01-15 21:59:33 +01:00
Florian Roth 5ef64e4e99 rule: changes at Shitrix rule 2020-01-13 20:15:08 +01:00
2d4d 364e859a6b add newbm.pl 2020-01-12 00:29:10 +01:00
Florian Roth a29c832b6a rule: updated netscaler rule 2020-01-07 14:42:16 +01:00
Florian Roth c9a75a8371 fix: shortened path in Citrix Netscaler rule 2020-01-07 13:00:28 +01:00
2d4d 35fbdd1248 add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 01:48:29 +01:00
2d4d b98e57603e add rule for Citrix Netscaler CVE-2019-19781 2020-01-03 00:34:52 +01:00
Florian Roth fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
James Ahearn eae7e3ab10 Web Source Code Enumeration via .git 2019-06-08 22:40:28 -04:00
Florian Roth 8c4b21f063 Rule: Apache threading errors 2019-01-22 08:49:10 +01:00