13 Commits

Author SHA1 Message Date
frack113 4631d0c482 remove invalid tag 2022-01-19 18:23:30 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
Jonhnathan aeb3218dfb Update net_susp_dns_txt_exec_strings.yml 2020-10-15 23:11:16 -03:00
Mike Wade 1ddba05eb2 Second round 2020-09-15 07:02:30 -06:00
Alexey Lednyov 880b10cce1 att&ck tags review: windows/process_creation part 1, network 2020-08-27 20:43:47 +03:00
Ivan Kirillov 0fbfcc6ba9 Initial round of subtechnique updates 2020-06-16 14:46:08 -06:00
Florian Roth d42e87edd7 fix: fixed casing and long rule titles 2020-01-30 17:26:09 +01:00
Thomas Patzke 0592cbb67a Added UUIDs to rules 2019-11-12 23:12:27 +01:00
Thomas Patzke f51e918a2e Small rule change 2019-05-09 23:57:55 +02:00
MadsRC 41b4d800c5 Update net_susp_dns_txt_exec_strings.yml
Fixed my botched YAML syntax...
2019-04-04 08:35:37 +02:00
MadsRC d0d51b6601 Update net_susp_dns_txt_exec_strings.yml
The references indicate that this rule should apply to TXT records, but without specifying that the "record_type" must be "TXT" there's the potential for a lot of false positives.

"record_type" was chosen as that fits with Splunk's "Network Resolution (DNS)" datamodel.
2019-04-03 20:31:31 +02:00
Thomas Patzke 58afccb2f3 Fixed ATT&CK tagging 2018-08-08 15:58:19 +02:00
yt0ng e44b4f450e DNS TXT Answer with possible execution strings
https://twitter.com/stvemillertime/status/1024707932447854592
2018-08-08 15:51:56 +02:00