security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

2788 Commits

Author SHA1 Message Date
Florian Roth 133b98ffcb Merge pull request #1262 from invrep-de/oscd 
[OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy
 2020-12-21 18:30:21 +01:00
Florian Roth f20f346a6a Merge pull request #1264 from omkar72/sdev-1 
Adding 2 rules - Conhost & office test registry persistence
 2020-12-21 18:28:59 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth 377454cb31 Merge pull request #1299 from tjgeorgen/patch-1 
ATT&CK subtechnique tag updates
 2020-12-21 18:24:00 +01:00
Florian Roth 1b0aaf62c3 Merge pull request #1266 from omkar72/ryuk 
modifying couple of rules
 2020-12-13 19:05:54 +01:00
Florian Roth e2ade077ed Merge pull request #1275 from bczyz1/patch-3 
update win_apt_slingshot.yml
 2020-12-13 19:04:47 +01:00
Florian Roth 612008a4d8 fix identation 2020-12-11 18:40:17 +01:00
Tran Trung Hieu edc79a8bb6 Detects suspicious shell spawn from MSSQL process, this might be sight of RCE or SQL Injection 2020-12-11 15:17:23 +07:00
Florian Roth b6d62b7a21 Merge pull request #1302 from Neo23x0/rule-devel 
TA505 Dropper, minor fix in PowerShell Rule
 2020-12-08 10:40:07 +01:00
Florian Roth 640470cefd TA505 Loader Rule 2020-12-08 10:15:30 +01:00
tjgeorgen 1c6c3a36fe include updated RDP att&ck tag 2020-12-04 11:59:23 -05:00
tjgeorgen 0eda1ab462 also update tag for folder variant 2020-12-04 11:42:05 -05:00
tjgeorgen 5208bdd65a add new version of ATT&CK T1500 tag 2020-12-04 11:19:16 -05:00
yugoslavskiy 0188e45925 Update win_malware_script_dropper.yml 2020-12-01 02:12:53 +01:00
yugoslavskiy 30ecc8bd26 Update win_malware_script_dropper.yml 2020-12-01 02:08:52 +01:00
yugoslavskiy 6494103839 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:54:51 +01:00
yugoslavskiy d1b625d080 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:51:47 +01:00
yugoslavskiy 3cbc2f0aec Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:47:23 +01:00
yugoslavskiy 816ce5937c Update win_susp_crackmapexec_execution.yml 2020-12-01 01:29:35 +01:00
yugoslavskiy 56f94a19f7 Update win_regedit_export_keys.yml 2020-11-30 02:08:54 +01:00
Yugoslavskiy Daniil d812a3e08e resolve conflict restoring rule win_susp_replace_lolbin.yml 2020-11-30 01:09:24 +01:00
Yugoslavskiy Daniil 98617609d6 Merge branch 'oscd' into HEAD 2020-11-30 01:07:26 +01:00
Yugoslavskiy Daniil 50623544a2 remove possible duplicate filter 2020-11-29 22:03:19 +01:00
OG 8e801ede32 Update win_susp_psexec_eula.yml 2020-11-29 17:45:29 +05:30
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 7dc5233dd9 Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy 9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy c761d05a17 Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy 258334d6d1 Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
yugoslavskiy c0c74a05df Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
yugoslavskiy 3c75bc922a Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
yugoslavskiy 42f27a41cb Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy ca0a6547fb Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan f1455e0c38 Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan fe3ed329ef Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy ea550cf551 Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan 9f4bbb7e65 Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
yugoslavskiy bcf62fba72 Update win_susp_ps_appdata.yml 2020-11-28 17:34:34 +01:00
yugoslavskiy 2ed4b26291 Update win_susp_procdump.yml 2020-11-28 17:33:02 +01:00
Jonhnathan 0d0f58c830 Update win_system_exe_anomaly.yml 2020-11-28 13:32:44 -03:00
yugoslavskiy a3e436363e Update win_susp_powershell_parent_combo.yml 2020-11-28 17:31:37 +01:00
Jonhnathan c9b5ba10f8 Update win_susp_wmi_execution.yml 2020-11-28 13:30:34 -03:00
yugoslavskiy c01c05b826 Update win_susp_powershell_enc_cmd.yml 2020-11-28 17:29:15 +01:00
Jonhnathan f6117eebc7 Update win_susp_sysvol_access.yml 2020-11-28 13:27:28 -03:00
Jonhnathan 88b4d4c4e5 Update win_susp_sysvol_access.yml 2020-11-28 13:26:22 -03:00
yugoslavskiy 66a504078b Update win_susp_ping_hex_ip.yml 2020-11-28 17:25:52 +01:00
Jonhnathan 7aa831eac3 Remove additional backslash 2020-11-28 13:25:28 -03:00
Jonhnathan 0357472635 Update win_susp_squirrel_lolbin.yml 2020-11-28 13:24:38 -03:00
Jonhnathan f70bd415a3 Update win_susp_run_locations.yml 2020-11-28 13:21:04 -03:00