Commit Graph

6187 Commits

Author SHA1 Message Date
Roberto Rodriguez 5aac1b6879 Unsupported rule now possible with Sysmonv13.30 2021-10-27 01:04:24 -04:00
frack113 bba1e68669 Merge pull request #2200 from frack113/susp_del: add process_creation_susp_del 2021-10-27 06:33:04 +02:00
frack113 98d7380a40 Merge pull request #2197 from frack113/fix_title: Fix title process_creation_powershell_web_request 2021-10-27 06:31:45 +02:00
Florian Roth fcecb951d5 Merge branch 'master' into rule-devel 2021-10-26 22:03:55 +02:00
phantinuss 3983baf2b0 windows commandline obfuscation 2021-10-26 16:35:06 +02:00
frack113 79399db2b8 add process_creation_susp_del 2021-10-26 13:17:56 +02:00
frack113 765acac374 Merge pull request #2195 from frack113/cve_attack: CVE attack 2021-10-26 10:40:13 +02:00
Florian Roth ab499c9c21 rules: crypto coin mining 2021-10-26 08:52:07 +02:00
frack113 7c9da11fa7 fix title 2021-10-26 06:49:44 +02:00
frack113 4bcde17e00 Fix title 2021-10-26 06:49:05 +02:00
WojciechLesicki ad0bcebe9c Adding some additional details about sysmon config and also way to test detection. 2021-10-25 21:30:33 +02:00
frack113 9e61ad2592 Merge pull request #2189 from austinsonger/windows_suspicious_rclone_execution: win_susp_rclone_execution.yml 2021-10-25 21:20:00 +02:00
frack113 8eee468cc3 Add detect_by_option 2021-10-25 20:49:30 +02:00
frack113 b17c4fab33 Merge pull request #2193 from frack113/vhd_dowload: Add file_event_mal_vhd_download.yml 2021-10-25 20:30:11 +02:00
frack113 b3df5bf325 Merge pull request #2192 from frack113/update_win_shadow_copies_deletion: Update win_shadow_copies_deletion.yml 2021-10-25 20:29:48 +02:00
frack113 f8574fcd81 Add cve tags 2021-10-25 18:40:50 +02:00
frack113 162d869e2b Add cve tags 2021-10-25 18:14:03 +02:00
frack113 5294e91828 Update file_event_mal_vhd_download.yml 2021-10-25 17:29:01 +02:00
frack113 12707f8ec5 fix level 2021-10-25 09:16:59 +02:00
frack113 e4d2b6e5d9 add file_event_mal_vhd_download 2021-10-25 09:07:22 +02:00
frack113 aff6bbba7b Merge pull request #2191 from securepeacock/patch-3: Create sysmon_powershell_startup_shortcuts.yml 2021-10-25 07:36:20 +02:00
frack113 e1d8c547b6 Merge pull request #2188 from austinsonger/powershell_azurehound_commands.yml: powershell_azurehound_commands.yml 2021-10-25 07:35:44 +02:00
securepeacock 8b45c6687c Update sysmon_powershell_startup_shortcuts.yml 2021-10-24 16:07:40 -04:00
securepeacock 265faf6337 Update sysmon_powershell_startup_shortcuts.yml 2021-10-24 14:15:04 -04:00
frack113 9ff310541a add selection3 2021-10-24 20:14:44 +02:00
frack113 9065485855 update detection 2021-10-24 20:12:55 +02:00
securepeacock 03301a0652 Rename sysmon_powershell_startup_shortcuts to sysmon_powershell_startup_shortcuts.yml 2021-10-24 13:56:01 -04:00
securepeacock 75f4f439da Create sysmon_powershell_startup_shortcuts 2021-10-24 13:32:22 -04:00
frack113 db640f6080 Update win_susp_rclone_execution.yml 2021-10-24 18:47:04 +02:00
frack113 406f10b583 Merge pull request #2186 from austinsonger/certoc.exe: process_creation_certoc_execution.yml 2021-10-24 18:45:02 +02:00
Austin Songer 85d7cb6f3e Update process_creation_certoc_execution.yml 2021-10-24 11:06:51 -05:00
Austin Songer 5ded3e681c Update win_susp_rclone_execution.yml 2021-10-24 11:04:34 -05:00
Austin Songer c4153f471f Create win_susp_rclone_exec.yml 2021-10-24 11:02:55 -05:00
Austin Songer d4b396f823 Create sysmon_rclone_execution.yml 2021-10-24 11:02:34 -05:00
frack113 2c955ea0ca Merge pull request #2185 from austinsonger/process_creation_stordiag_execution.yml: process_creation_stordiag_execution.yml 2021-10-24 09:44:34 +02:00
frack113 587c413a12 fix typo error 2021-10-24 09:08:20 +02:00
frack113 4dc82c95b6 Update process_creation_stordiag_execution.yml 2021-10-24 08:52:23 +02:00
Austin Songer 9664ec4c35 Update win_susp_rclone_execution.yml 2021-10-23 19:59:37 -05:00
Austin Songer c8383901e1 Update win_susp_rclone_execution.yml 2021-10-23 19:56:43 -05:00
Austin Songer 2d781ac20b Rename win_suspicious_rclone_execution.yml to win_susp_rclone_execution.yml 2021-10-23 19:55:19 -05:00
Austin Songer 05fcc0d890 Rename windows_suspicious_rclone_execution.yml to win_suspicious_rclone_execution.yml 2021-10-23 19:52:37 -05:00
Austin Songer 2f5e235dfe Delete sysmon_rclone_execution.yml 2021-10-23 19:51:59 -05:00
Austin Songer a771549057 Delete win_susp_rclone_exec.yml 2021-10-23 19:51:50 -05:00
Austin Songer 76aa8bf904 Create windows_suspicious_rclone_execution.yml 2021-10-23 19:50:03 -05:00
Austin Songer 923391224a Create powershell_azurehound_commands.yml 2021-10-23 18:27:36 -05:00
Austin Songer a78d6cce5f Create process_creation_certoc_execution.yml 2021-10-23 14:10:40 -05:00
Austin Songer 448c86587f Update process_creation_stordiag_execution.yml 2021-10-23 13:29:16 -05:00
frack113 b267504708 Merge pull request #2179 from frack113/fix_sysmon_in_memory_assembly_execution: Fix sysmon in memory assembly execution 2021-10-23 10:11:08 +02:00
frack113 5bc38f6a7f Merge pull request #2178 from frack113/fix_sysmon_invoke_phantom: fix cast for sysmon_invoke_phantom 2021-10-23 10:10:55 +02:00
Austin Songer a5fae664b9 Create process_creation_stordiag_execution.yml 2021-10-22 19:48:10 -05:00