Commit Graph

567 Commits

Author SHA1 Message Date
invrep-de 3be21d5478 Some minor formatting updates; Formatting updates; 2020-10-14 16:55:52 -04:00
invrep-de 8f28c16d6e Some further updates to fix spacing; 2020-10-14 15:42:19 -04:00
invrep-de 637065fd97 Some minor updates to address spacing; Some further minor updates to address spacing; 2020-10-14 15:41:31 -04:00
invrep-de 2672b10808 Some minor restructuring to incorporate the feedback from the oscd team; 2020-10-14 15:37:15 -04:00
Thomas Patzke 6cc33e5989 Merge pull request #1060 from svch0stz/oscd6: [OSCD] Created powershell_suspicious_mounted_share_deletion.yml 2020-10-13 22:59:25 +02:00
Thomas Patzke 08eec2b6e6 Merge pull request #1094 from NikitaStormwind/Regular30: [OSCD] Detects Obfuscated Powershell via use Rundll32 in Scripts #30 (4104, 4103) 2020-10-13 21:43:16 +02:00
Thomas Patzke 5f4d60951d Merge pull request #1112 from NikitaStormwind/regular29(1): [OSCD] Detects Obfuscated Powershell via use Clip.exe in Scripts #29 (4104, 4103) 2020-10-13 21:34:38 +02:00
Thomas Patzke 7e8930f15e Merge pull request #1142 from NikitaStormwind/regular28(1): [OSCD] Detects Obfuscated Powershell via Stdin in Scripts #28 (4104, 4103) 2020-10-13 11:38:26 +02:00
Thomas Patzke 0c77edb859 Merge pull request #1120 from bczyz1/oscd: [OSCD] Create powershell_icmp_exfiltration.yml 2020-10-13 11:37:40 +02:00
Vasiliy Burov dff2e16ad2 Update powershell_cmdline_specific_comb_methods.yml 2020-10-13 10:59:20 +03:00
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
cyb3rward0g cd270672a6 Update delete alternate powershell host 2020-10-12 23:52:35 -04:00
invrep-de 6a9bc7063f [OSCD] Bad Opsec Powershell Artifacts 2020-10-13 02:21:46 +02:00
Timur Zinniatullin d1ef56bddb @aw350m3 style compliance (: 2020-10-13 02:47:09 +03:00
Timur Zinniatullin 870574b635 Add powershell_invoke_obfuscation_via_var++.yml 2020-10-13 02:19:57 +03:00
Thomas Patzke cb86c509f1 Merge pull request #1129 from bczyz1/oscd-sprint-2-keylogging: [OSCD] Modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature 2020-10-13 00:58:24 +02:00
Thomas Patzke eaa9f293e7 Merge pull request #1125 from vburov/patch-12: [OSCD] Create powershell_cmdline_reversed_strings 2020-10-13 00:57:22 +02:00
Thomas Patzke 5664f72a2a Merge pull request #1054 from NikitaStormwind/task#70: [OSCD] Detecting Code injection with PowerShell in another process #70 2020-10-13 00:47:13 +02:00
cyb3rward0g 21f41eaad9 16 rules from DH APT29 day 1 - contributing soon 2020-10-12 18:13:13 -04:00
cyb3rward0g 104b40ce8f 10 rules from THP - contributing soon 2020-10-12 15:42:34 -04:00
Nikita P. Nazarov c5efbc8345 Detects Obfuscated Powershell via Stdin in Scripts 2020-10-12 18:47:51 +03:00
Vasiliy Burov 95cd271686 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 18:10:46 +03:00
Vasiliy Burov 643d700d53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 17:51:19 +03:00
Vasiliy Burov d31f8d6977 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:43:53 +03:00
Vasiliy Burov 2e6f184370 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:11:10 +03:00
Vasiliy Burov 436dd4d90c Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:04:24 +03:00
Bartlomiej Czyz e90f91b89e append authors of the update 2020-10-11 23:42:33 +02:00
Vasiliy Burov a0ac753e32 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:39:36 +03:00
Vasiliy Burov 48f6fad6c3 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:35:59 +03:00
Bartlomiej Czyz b6876e5123 remove redundant reference 2020-10-11 23:35:17 +02:00
Vasiliy Burov 8d926dc303 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:27:45 +03:00
Vasiliy Burov 6f7475020a Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:23:27 +03:00
Vasiliy Burov 26ef1da071 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:00:17 +03:00
Vasiliy Burov d4e1786836 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:57:27 +03:00
Vasiliy Burov e2543158ce Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:53:00 +03:00
Vasiliy Burov 47d6122298 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:46:51 +03:00
Vasiliy Burov a39d453792 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:42:51 +03:00
Vasiliy Burov 1320e0b733 Update powershell_cmdline_reversed_strings.yml 2020-10-11 23:40:12 +03:00
Vasiliy Burov 2d88000fdf Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:38:07 +03:00
Vasiliy Burov 5c4adbb24e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:33:57 +03:00
Vasiliy Burov da14df6c9f Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:29:37 +03:00
Vasiliy Burov b80f0f6478 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:18:23 +03:00
Vasiliy Burov fb5748254e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:45:32 +03:00
Vasiliy Burov ef17d168bd Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:34:47 +03:00
Vasiliy Burov ce2767b10e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:47:07 +03:00
Vasiliy Burov 6e4f8bdd53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:35:15 +03:00
Vasiliy Burov 6cc1a5e767 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:27:24 +03:00
Vasiliy Burov 03ebc36a11 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:23:12 +03:00
Vasiliy Burov d16770aee4 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:19:23 +03:00
Vasiliy Burov 82c7edfd68 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:14:45 +03:00