security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

582 Commits

Author SHA1 Message Date
Thomas Patzke a88c853237 Merge pull request #1251 from oscd-initiative/oscd_art_linux_task_26_T1518.001 
[OSCD] ART sync, test T1518.001: Security Software Discovery (Linux)
 2020-12-30 22:40:32 +01:00
Thomas Patzke 436fd37655 Merge pull request #1252 from oscd-initiative/oscd_art_macos_task_55_T1553.001 
[OSCD] ART sync, test T1553.001: Gatekeeper Bypass (macOS)
 2020-12-30 22:39:36 +01:00
Thomas Patzke 5de952d488 Merge pull request #1253 from oscd-initiative/oscd_art_macos_task_60_T1562.001 
[OSCD] ART sync, test T1562.001: Disable or Modify Tools (macOS)
 2020-12-30 22:39:15 +01:00
Thomas Patzke e223d34a6e Merge pull request #1257 from alejandroortuno/service-scanning 
[OSCD] Network Service Scanning
 2020-12-30 22:35:47 +01:00
Thomas Patzke 5c03c4d4ec Merge pull request #1258 from alejandroortuno/applescript 
[OSCD] MacOS Applescript
 2020-12-30 22:31:30 +01:00
Thomas Patzke 06c168d9b2 Merge pull request #1259 from alejandroortuno/firewall 
[OSCD] Firewall Disable (Linux)
 2020-12-30 22:30:41 +01:00
Florian Roth 7954684fbf Merge pull request #1260 from alejandroortuno/remote-system-discovery 
[OSCD] Remote System Discovery
 2020-12-21 18:32:08 +01:00
Florian Roth 64197d0dec Merge pull request #1261 from alejandroortuno/emond 
[OSCD] MacOS Emond Launch Daemon
 2020-12-21 18:30:56 +01:00
yugoslavskiy 378f663502 Update lnx_clear_logs.yml 2020-12-02 01:28:29 +01:00
yugoslavskiy 6ce08935bb Update lnx_file_deletion.yml 2020-12-02 01:27:35 +01:00
yugoslavskiy 1c4c5af99f Update lnx_clear_logs.yml 2020-12-02 01:24:59 +01:00
Ömer Günal 4ab522815b Update lnx_clear_logs.yml 2020-12-01 21:28:12 +03:00
Ömer Günal d0bb6e9e81 Update lnx_file_deletion.yml 2020-12-01 21:24:57 +03:00
yugoslavskiy 424f1523d8 restore original rule 2020-11-30 01:32:06 +01:00
yugoslavskiy e1cd98c97d restore original rule 2020-11-30 01:31:00 +01:00
yugoslavskiy 69de4598fd restore the original file 2020-11-29 21:32:46 +01:00
yugoslavskiy 871f965109 Update lnx_susp_named.yml 2020-11-29 21:31:54 +01:00
yugoslavskiy 769ef23ccf restore the original file 2020-11-29 21:30:50 +01:00
yugoslavskiy 8c2f884504 restore the rule 2020-11-28 18:53:13 +01:00
yugoslavskiy 5afb445b8b restored the rule 2020-11-28 18:52:43 +01:00
Florian Roth c17c034cb5 Changed selections and condition 
see manpage for security tool on macOS
https://gist.github.com/Capybara/6228955
 2020-11-27 19:23:31 +01:00
Tim I 78d201ad15 Fix value modifier and add a slash 2020-11-24 23:06:21 +03:00
Alejandro Ortuno 000c038ede Retrigger tests 2020-11-20 09:30:43 +01:00
Alejandro Ortuno cfcda8d25f Trigger new test execution 2020-11-20 09:29:09 +01:00
Ömer Günal 1582c5230a Update lnx_process_discovery.yml 2020-11-18 23:25:15 +03:00
Thomas Patzke 199a897f75 Fix rule indent 2020-11-17 10:12:55 +01:00
yugoslavskiy 2939b33ab5 Update lnx_network_service_scanning.yml 2020-11-16 01:00:09 +01:00
Ömer Günal edc416a1d8 Update lnx_system_info_discovery.yml 2020-11-14 19:24:23 +03:00
Ömer Günal 821bdf8ab4 Update lnx_install_root_certificate.yml 2020-11-14 19:19:28 +03:00
Ömer Günal 19cad11a4a Update lnx_system_info_discovery.yml 2020-11-10 20:11:49 +03:00
Ömer Günal ab959394ab Update lnx_install_root_certificate.yml 2020-11-10 20:09:46 +03:00
Ömer Günal f41accab33 Update lnx_install_root_certificate.yml 2020-11-10 20:09:03 +03:00
Alejandro Ortuno ad031d97ee Filter out listening mode on nc 2020-11-09 10:32:56 +01:00
Ömer Günal 577165b7f7 Update lnx_system_info_discovery.yml 2020-11-08 11:09:27 +03:00
Ömer Günal 0e4a5baf1a Update lnx_install_root_certificate.yml 2020-11-08 11:08:30 +03:00
Ömer Günal 499a8f85b0 Update lnx_install_root_certificate.yml 2020-11-08 11:06:11 +03:00
Ömer Günal 5dc3472af0 Update lnx_system_info_discovery.yml 2020-11-07 11:51:53 +03:00
Ömer Günal 89a24d4bfa Update lnx_install_root_certificate.yml 2020-11-07 11:50:30 +03:00
yugoslavskiy c17e8574d0 change the syntax a bit and removed .service suffix as it is 
[redundant](https://www.freedesktop.org/software/systemd/man/systemctl.html]:

```
Unit commands listed above take either a single unit name (designated as UNIT), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified (unit name is "abbreviated"), systemctl will append a suitable suffix, ".service" by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,

# systemctl start sshd
and
# systemctl start sshd.service

are equivalent
```
 2020-11-06 20:56:08 +01:00
Alejandro Ortuno 7c5067ade4 Making it a global rule 2020-11-06 10:25:59 +01:00
Alejandro Ortuno a9a90e024c make it global rule 2020-11-06 09:56:49 +01:00
Alejandro Ortuno 5918cc0a3d remove cat 2020-10-29 09:58:58 +01:00
Alejandro Ortuno 0c0c1725fa refactor detections 2020-10-29 09:34:47 +01:00
yugoslavskiy 167e9745cd Update macos_remote_system_discovery.yml 2020-10-29 02:06:45 +01:00
yugoslavskiy 81f6f24155 Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Alejandro Ortuno 80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno 3a58c00feb Removing the echo detection 2020-10-28 10:07:59 +01:00
Alejandro Ortuno e31c8f96e9 added the category 2020-10-28 09:56:01 +01:00
Alejandro Ortuno c83d5a3d65 Added some minor tuning of ip ranges 2020-10-26 09:45:13 +01:00
Alejandro Ortuno 11df6c2566 Sigma rule 2020-10-23 10:16:59 +02:00