Commit Graph

6187 Commits

Author SHA1 Message Date
omkargudhate22 df07d53fea formatting values 2020-10-25 18:23:29 +05:30
omkargudhate22 06890ba28b update title 2020-10-25 15:10:12 +05:30
omkar72 021842eaa3 office test reg 2020-10-25 12:36:08 +05:30
omkar72 42de51cadc conhost executions 2020-10-25 12:33:59 +05:30
S.kiran kumar 15a6352da6 Removed event ID 2020-10-24 17:40:29 +05:30
invrep-de e5567631eb Minor changes to incorporate feedback
Incorporated feedback from @yugoslavskiy. Thank you!
2020-10-24 07:27:59 -04:00
Florian Roth 75637324e0 feat: cover newest emotet campaigns 2020-10-23 23:44:48 +02:00
invrep-de d623685c2c [OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy 2020-10-23 23:27:52 +02:00
stvetro f27a7832ad Small fix
Added "\" at file path end
Optimised exclusion of empty cmds
2020-10-23 13:25:32 +04:00
stvetro ca6a4beb65 Small fix
Added "\" at file path end
2020-10-23 12:50:27 +04:00
stvetro d7709d2236 Small fix
Add "\" to file path end
2020-10-23 12:44:46 +04:00
stvetro f7a110e107 Small fix
Removed extra line;
Added "\" to file path end
2020-10-23 12:41:39 +04:00
stvetro 9d286b4d47 Deleted a rule that is not mine
Was added by mistake =)
2020-10-23 12:38:13 +04:00
Vasiliy Burov 093941778b Update and rename win_susp_multiple_files_renamed.yml to win_susp_multiple_files_renamed_or_deleted.yml 2020-10-22 15:57:29 +03:00
S.kiran kumar ca5e86c850 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:14:07 +05:30
S.kiran kumar 7db0351d6d Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:11:55 +05:30
S.kiran kumar e474c26c90 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:07:31 +05:30
S.kiran kumar e8611ca0a7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:00:19 +05:30
S.kiran kumar 7ba3d7a9c8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 19:58:13 +05:30
yugoslavskiy f050cedf92 update syntax to re-run the test once more... 2020-10-20 21:17:59 +02:00
yugoslavskiy ca4a0f7a72 shorten the title to pass the test 2020-10-20 20:37:49 +02:00
yugoslavskiy a96408b20a add an empty line to re-run the test 2020-10-20 20:11:13 +02:00
S.kiran kumar 7fbaacabb0 MITRE ATT&CK tags changes 2020-10-20 23:20:34 +05:30
yugoslavskiy 27baf472b8 add an empty line to re-run the test 2020-10-20 18:59:25 +02:00
Vasiliy Burov 3a2c1d213a Update win_susp_multiple_files_renamed.yml 2020-10-20 19:25:31 +03:00
yugoslavskiy 6ec761d27b update syntax a bit to re-run the test 2020-10-20 17:40:53 +02:00
yugoslavskiy 40f6d5e543 update syntax a bit to re-run the test 2020-10-20 17:39:04 +02:00
yugoslavskiy 60f71d911d shorten the title to pass the test 2020-10-20 17:08:11 +02:00
Florian Roth ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Florian Roth 198b292c26 rule: emotet encoded commands 2020-10-20 12:51:58 +02:00
stvetro 6bc483d287 Added mitre tags 2020-10-19 19:28:52 +04:00
stvetro 43707c9023 Added mitre tags 2020-10-19 19:20:52 +04:00
Nikita Nazarov 654bd7bdba Update win_software_discovery.yml
Add edits
2020-10-19 11:05:45 +03:00
Jonhnathan 6b2c235ab3 Update win_susp_replace_lolbin.yml 2020-10-18 23:44:18 -03:00
v3t0 3a550af9f7 [OSCD] Added a rule to detect execution of runonce with suspicious parameters 2020-10-18 22:38:13 -04:00
v3t0 755a714884 [OSCD] Added a rule to detect the execution of tracker.exe with suspicious arguments 2020-10-18 19:35:57 -04:00
Vasiliy Burov 439f88f75a Create win_mal_lockergoga.yml 2020-10-18 20:25:37 +03:00
Ensar Şamil 4619e98602 Update win_pe_exec_vsjitdebugger.yml 2020-10-18 20:08:29 +03:00
Timur Zinniatullin 0d5b03342a Add win_invoke_obfuscation_via_compress.yml 2020-10-18 19:51:20 +03:00
Timur Zinniatullin 8b255ab959 Add powershell_invoke_obfuscation_via_compress.yml 2020-10-18 19:50:58 +03:00
Timur Zinniatullin 30f7dad901 Add win_invoke_obfuscation_via_compress_services.yml 2020-10-18 19:50:30 +03:00
stvetro 65fc968658 Create win_susp_file_download_via_gfxdownloadwrapper.yml 2020-10-18 20:40:23 +04:00
stvetro a6d99e4418 Create win_susp_runscripthelper.yml 2020-10-18 20:37:53 +04:00
stvetro 5cb76ef7d4 Create win_winword_dll_load.yml 2020-10-18 20:29:39 +04:00
stvetro 5ae052b665 Revert "Revert "Create win_verclsid_runs_com.yml""
This reverts commit 8e820d441a.
2020-10-18 20:10:29 +04:00
stvetro 8e820d441a Revert "Create win_verclsid_runs_com.yml"
This reverts commit 7e4a958cc5.
2020-10-18 20:10:21 +04:00
Timur Zinniatullin d84281936b Update win_invoke_obfuscation_via_rundll.yml 2020-10-18 19:05:40 +03:00
Timur Zinniatullin eb2af704e7 Update powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 19:05:27 +03:00
Timur Zinniatullin 39bac712c3 Update win_invoke_obfuscation_via_rundll_services.yml 2020-10-18 19:05:09 +03:00
stvetro 7e4a958cc5 Create win_verclsid_runs_com.yml 2020-10-18 20:02:34 +04:00