Commit Graph

411 Commits

Author SHA1 Message Date
Florian Roth 026428640e Update registry_event_set_nopolicies_user.yml 2022-03-21 12:06:50 +01:00
Florian Roth 682b4852fc Update registry_event_hide_fonction_user.yml 2022-03-21 12:04:29 +01:00
Florian Roth a50cd510a5 Update registry_event_disable_fonction_user.yml 2022-03-21 12:01:54 +01:00
frack113 ab471b11ae Redcannary 2022-03-20 08:36:07 +01:00
frack113 45cfdab828 Revert "Redcannary" 2022-03-20 08:11:11 +01:00
frack113 eb66c5530e Merge pull request #2826 from frack113/redcannary_20220318: Redcannary 2022-03-20 08:11:07 +01:00
Florian Roth ec7a9793d7 Update registry_event_powershell_in_run_keys.yml 2022-03-18 20:58:16 +01:00
frack113 1060009949 Redcannary 2022-03-18 11:15:05 +01:00
frack113 829409d29a Redcannary 2022-03-17 16:48:41 +01:00
phantinuss 043747822f fix: more falsepositives harmonization 2022-03-16 14:57:06 +01:00
phantinuss 84d0c472ba fix: remove penetration test as valid false positive reason 2022-03-16 14:33:18 +01:00
phantinuss 8d3f8acb60 fix: none --> Unknown 2022-03-16 14:19:21 +01:00
phantinuss b23eee6ebf fix: unknown --> Unknown 2022-03-16 13:43:54 +01:00
Florian Roth 73db2dbafa fix: a 2nd "contains" error 2022-03-07 16:03:17 +01:00
Florian Roth e113943cb6 fix: bug in rule with combined "contains|endswith" 2022-03-07 15:48:25 +01:00
frack113 b4de144862 Office Installation FP 2022-03-05 11:09:27 +01:00
frack113 7922becd0b Fix FP new install 2022-03-04 16:53:30 +01:00
frack113 743f0974f9 Merge pull request #2766 from frack113/office2019: OfficeClickToRun FP 2022-03-04 06:30:31 +01:00
frack113 59067a72d2 OfficeClickToRun FP 2022-03-03 19:45:03 +01:00
frack113 cc956f7dbf Fix Windows11-Office FP 2022-03-03 15:20:53 +01:00
frack113 7fb8272f94 Name Normalization 2022-02-27 10:58:14 +01:00
frack113 d459483ef6 Enable Office dde (#2750): Add registry_event_win_office_enable_dde 2022-02-27 07:40:19 +01:00
Florian Roth 5901b41f95 fix: FPs noticed with Aurora 2022-02-25 13:55:37 +01:00
Florian Roth 89071f09e7 docs: changed technique to T1564 (Hide Artefacts): https://attack.mitre.org/techniques/T1564/ 2022-02-25 09:50:46 +01:00
Florian Roth a786ed36db add MITRE ATT&CK techniques 2022-02-25 09:25:22 +01:00
Tobias Michalski d210e56e34 fix: Removed Spacing 2022-02-24 16:02:58 +01:00
Tobias Michalski 1b6483002b fix: Added newline 2022-02-24 15:57:13 +01:00
Tobias Michalski 573902c38d feat: CrashDump Disable Sigmarule 2022-02-24 15:55:36 +01:00
frack113 470ca979b4 Fix FP binary 2022-02-20 11:31:08 +01:00
Florian Roth 5deb9af698 Update sysmon_reg_office_security.yml 2022-02-17 08:15:25 +01:00
phantinuss 9fce5735ad fix: remove unneeded escape for " 2022-02-16 16:31:13 +01:00
phantinuss c92b5e8835 fix: known FP 2022-02-16 16:31:13 +01:00
phantinuss 27e4c333d6 fix: filter MS Office 2022-02-16 16:31:13 +01:00
phantinuss ebc27d7c9f fix: exclude cutepdf writer 2022-02-16 16:31:12 +01:00
phantinuss 6816f32c93 fix: remove trailing \ 2022-02-16 16:31:12 +01:00
phantinuss 3207f3ff47 fix: filter known software 2022-02-16 16:31:12 +01:00
phantinuss 5a03d8d5ac fix: filter known software 2022-02-16 16:31:12 +01:00
phantinuss e2f80e5aa8 fix: exclude msiexec from SysWOW64 2022-02-16 16:31:12 +01:00
phantinuss 3e254fe3e4 fix: exclude known office addins 2022-02-16 16:31:12 +01:00
phantinuss cc6613a799 fix: filter MS Office and Dropbox 2022-02-16 16:31:12 +01:00
phantinuss 741640cb10 fix: filter known extensions and toolbar entries 2022-02-16 16:31:12 +01:00
phantinuss c7d270956c fix: several FPs against a fresh installed Windows with example applications and basic user interaction 4 2022-02-15 16:40:04 +01:00
frack113 82e08de42c Merge pull request #2693 from wagga40/master: Correct a typo in rule name 2022-02-13 16:00:40 +01:00
wagga40 fceb2c0de1 Correct bad commit 2022-02-13 13:34:28 +01:00
frack113 ce0a5033f8 Aurora Office FP 2022-02-13 11:29:52 +01:00
wagga40 c840c1a7f7 Correct a typo in rule name 2022-02-13 09:34:43 +01:00
phantinuss 6ad44598ee fix: several FPs against a fresh installed Windows with example applications and basic user interaction 2 2022-02-10 16:12:17 +01:00
phantinuss 43bae23f23 fix: several FPs against a fresh installed Windows with example applications and basic user interaction 2022-02-09 17:47:22 +01:00
Florian Roth c23a82d2e7 Update win_re_set_servicedll.yml 2022-02-04 23:19:36 +01:00
frack113 16fed13bb0 Order files 2022-02-04 10:52:55 +01:00