Commit Graph

864 Commits

Author SHA1 Message Date
S.kiran kumar 2fa7ae2c1c Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 13:04:49 +05:30
S.kiran kumar 6b25378a61 Removed * operator 2020-10-14 10:07:16 +05:30
S.kiran kumar 4fa6ca01ef Changed category. 2020-10-14 10:05:41 +05:30
Thomas Patzke f7c440b097 Merge pull request #1065 from nsaddler/oscd1
[OSCD] Accessing WinAPI in PowerShell. Credentials dumping Rule added
2020-10-13 22:33:14 +02:00
Thomas Patzke 0914c03acb Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-13 22:32:55 +02:00
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
cyb3rward0g 354b6a9822 update - GitHub Action / Test Sigma 2020-10-12 23:07:02 -04:00
cyb3rward0g 72f35377b3 update - GitHub Action / Test Sigma 2020-10-12 22:11:01 -04:00
cyb3rward0g 644f222079 update - GitHub Action / Test Sigma 2020-10-12 21:58:02 -04:00
cyb3rward0g 491049b92a Updated - GitHub Action / Test Sigma 2020-10-12 21:34:07 -04:00
cyb3rward0g 21f41eaad9 16 rules from DH APT29 day 1 - contributing soon 2020-10-12 18:13:13 -04:00
cyb3rward0g 104b40ce8f 10 rules from THP - contributing soon 2020-10-12 15:42:34 -04:00
S.kiran kumar bd5e7fda14 Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 21:26:44 +05:30
nsaddler e94a47b9d3 Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-12 18:33:43 +03:00
S.kiran kumar 27823763cb Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 20:14:43 +05:30
S.kiran kumar a640c1e151 Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 20:11:24 +05:30
S.kiran kumar f1c9286a25 Updated minor changes
Change tags.
Change author (add "oscd.community").
Change date format.
Change logsource.
Change detection (use endswith as a modifier).
Change fields.
2020-10-12 20:06:36 +05:30
S.kiran kumar c76eede1b8 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:11:09 +05:30
S.kiran kumar fbf5d2fdc4 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:07:41 +05:30
S.kiran kumar bddbe68235 Create silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:02:03 +05:30
S.kiran kumar 6b0b779480 Delete sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 23:00:52 +05:30
S.kiran kumar 6b10b998c9 Update sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:38:30 +05:30
S.kiran kumar 476ed7ec2d Rename silenttrinity _stager _communication _c2.yml to sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:03:24 +05:30
S.kiran kumar 545a8c06ed Rename Silenttrinity _Stager _Communication _C2.yml to silenttrinity _stager _communication _c2.yml 2020-10-11 21:53:45 +05:30
S.kiran kumar 9825b42de0 Rename Silenttrinity Stager Communication C2.yml to Silenttrinity _Stager _Communication _C2.yml 2020-10-11 21:38:19 +05:30
S.kiran kumar a5bf538ad1 Rename Silenttrinity _Stager _Communication _To _C2.yml to Silenttrinity Stager Communication C2.yml 2020-10-11 21:34:55 +05:30
S.kiran kumar 7a4c2c5db5 Rename Silenttrinity Stager Communication To C2 to Silenttrinity _Stager _Communication _To _C2.yml 2020-10-11 21:16:45 +05:30
S.kiran kumar 28ccbe9034 Rename Silenttrinity stager communication to c2 to Silenttrinity Stager Communication To C2 2020-10-11 21:00:00 +05:30
S.kiran kumar f82d163ded Update Silenttrinity stager communication to c2 2020-10-11 20:33:08 +05:30
S.kiran kumar f8c229bbf8 Update Silenttrinity stager communication to c2 2020-10-11 20:29:30 +05:30
S.kiran kumar e5fd37aea6 Update Silenttrinity stager communication to c2 2020-10-11 20:25:49 +05:30
S.kiran kumar 672bf99c6b Silenttrinity stager communication to c2 2020-10-11 19:45:58 +05:30
Nikita Nazarov 7c9c21cda0 Update sysmon_psexec_pipes_artifacts.yml 2020-10-07 14:43:25 +03:00
nsaddler 911bc514af Rename sysmon_accessing_winapi_in_powershell_credentials_dumping.yaml to sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-07 12:26:30 +03:00
Наталья Шорникова b6451fcc38 [OSCD] Accessing WinAPI in PowerShell. Credentials dumping Rule added 2020-10-07 12:17:29 +03:00
Nikita P. Nazarov f455146a29 Detecting use of PsExec via Pipe Creation/Access to pipes RULE (#29 #30) 2020-10-05 18:08:20 +03:00
Steven 77cb49d057 Keep empty sysmon directory so tests will still run 2020-10-02 11:25:30 +02:00
Steven 8b74abe0bc - Created new categories for sysmon events
- Replaced the explicit EventIDs with the reference to the category
- Moved the rules to the corresponding directories
2020-09-30 20:44:14 +02:00
e6e6e 7ae76b8d99 Revert "att&ck tags review: windows/process_creation part 5"
This reverts commit e94c47e74e.
2020-09-07 01:28:08 +04:00
e6e6e e94c47e74e att&ck tags review: windows/process_creation part 5
added missing ATT&CK v6.3 IDs with comments and removed unnecessary "modified" attributes
2020-09-07 01:19:41 +04:00
Yugoslavskiy Daniil 5b70cfd3f7 review windows/sysmon 2020-08-29 02:03:28 +02:00
Florian Roth 2e29c07e83 Merge pull request #928 from duzvik/master
Create sysmon_abusing_azure_browser_sso.yml
2020-08-12 17:15:27 +02:00
Florian Roth 61a05ee054 reordered fields, changed indentation 2020-08-12 16:44:37 +02:00
Florian Roth 951c6fee8b Update sysmon_password_dumper_lsass.yml 2020-07-23 14:31:21 +02:00
duzvik a9b860d749 Update sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:24:49 +03:00
duzvik d24e15cc27 Update sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:12:58 +03:00
duzvik c5dfffdac0 Create sysmon_abusing_azure_browser_sso.yml 2020-07-15 14:02:34 +03:00
Florian Roth 99ac4f1f3d fix: FPs with RedMimicry rule 2020-07-07 10:11:58 +02:00
Florian Roth 5f04fcccf5 fix: broken links 2020-07-03 11:22:06 +02:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00