Commit Graph

193 Commits

Author SHA1 Message Date
Jonhnathan 43ffb80d94 Remove additional backslash 2020-11-19 23:09:50 -03:00
Jonhnathan 44652c4ffd Remove additional backslash 2020-11-19 23:08:40 -03:00
Roberto Rodriguez 972326f761 A few more - 7 Rules 2020-10-29 21:11:41 -04:00
Jonhnathan bfb50a3d42 Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
nsaddler 8d1b863182 Update sysmon_in_memory_powershell.yml 2020-10-18 01:16:11 +03:00
yugoslavskiy fc3e7c37ab Update sysmon_uac_bypass_via_dism.yml
to execute the test
2020-10-17 21:35:44 +02:00
Roberto Rodriguez 7c9249f6ad Create sysmon_wmic_remote_xsl_scripting_dlls.yml
BSides Delhi Example
2020-10-17 11:17:48 -04:00
Jonhnathan 7adfd75c0a Update sysmon_svchost_dll_search_order_hijack.yml 2020-10-15 16:10:23 -03:00
Jonhnathan b6cf10fdd2 Update sysmon_susp_winword_wmidll_load.yml 2020-10-15 16:09:44 -03:00
Jonhnathan efe5ad92c3 Update sysmon_susp_winword_vbadll_load.yml 2020-10-15 16:09:21 -03:00
Jonhnathan 7c196aed22 Update sysmon_susp_office_kerberos_dll_load.yml 2020-10-15 16:09:03 -03:00
Jonhnathan 38ef5976dc Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-15 16:08:55 -03:00
Jonhnathan 8aa2f8582b Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-15 16:07:46 -03:00
Jonhnathan 4de241d44c Update sysmon_susp_office_dotnet_gac_dll_load.yml 2020-10-15 16:07:10 -03:00
Jonhnathan ecbec06709 Update sysmon_susp_office_dotnet_clr_dll_load.yml 2020-10-15 16:06:47 -03:00
Jonhnathan 0d4f372351 Update sysmon_susp_office_dotnet_assembly_dll_load.yml 2020-10-15 16:06:21 -03:00
Jonhnathan 1136725728 Update sysmon_susp_image_load.yml 2020-10-15 16:05:50 -03:00
Jonhnathan 56594a5a06 Update sysmon_mimikatz_inmemory_detection.yml 2020-10-15 16:05:11 -03:00
omkargudhate22 ecdb0b4997 adding slashes 2020-10-15 17:51:21 +05:30
uchakin a7e5b0ac40 Some fixes for rules 2020-10-14 19:06:59 +03:00
omkargudhate22 2e2b2c2393 removed backslash 2020-10-14 19:44:31 +05:30
omkargudhate22 2e52cb7f86 Update sysmon_susp_script_dotnet_clr_dll_load.yml 2020-10-14 18:47:25 +05:30
omkargudhate22 8e792f95ab removed regex 2020-10-14 17:31:38 +05:30
omkargudhate22 5c65d07100 add reference & ends with condition 2020-10-13 17:44:39 +05:30
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
nsaddler 28c8b56473 Update sysmon_in_memory_powershell.yml 2020-10-12 19:05:08 +03:00
omkar72 b32b6f0e09 script loading .net 2020-10-12 17:20:22 +05:30
Ensar Şamil d6aa0c31b9 Update sysmon_tttracer_mod_load.yml 2020-10-09 09:34:05 +03:00
uchakin a73dbd0a5d Fix titles 2020-10-07 22:27:48 +03:00
uchakin b568e14b03 Add 3 rules 2020-10-07 22:06:16 +03:00
esebese 4045c68ae4 [OSCD] sysmon_tttracer_mod_load.yml added 2020-10-07 11:17:21 +03:00
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
ecco ebc1d38027 fix in memory powershell false positive 2020-09-06 09:25:56 -04:00
Yugoslavskiy Daniil 42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Aidan Bracher dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
ecco e30eaa0202 be more specific about file location 2020-07-09 13:33:59 -04:00
ecco 94e3bd9e6b add WMI module load false positive 2020-07-09 13:32:21 -04:00
ecco 905f1b3823 add WMI and powershell false positives 2020-07-09 10:26:54 -04:00
Thomas Patzke 4762a59b89 Merge pull request #891 from rtkbkish/image-load-fixes
Fix typo for rule in image_load category
2020-07-07 22:31:32 +02:00
Brad Kish c758ca0eb9 Re-fix sysmon rules that are lost changes with category refactoring.
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.

Re-add the fixes.

https://github.com/Neo23x0/sigma/commit/38afd8b5def24191616ff0f0c0324cfbb7f0d6d0

https://github.com/Neo23x0/sigma/commit/422b2bffd77b217e6cec9a67c496b0aa44711ece

https://github.com/Neo23x0/sigma/commit/dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9
2020-07-06 10:55:42 -04:00
Brad Kish 7031d9e2b8 Fix typo for rule in image_load category
image_load not image_loaded.
2020-07-03 16:23:17 -04:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00
Florian Roth f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00