Commit Graph

7964 Commits

Author SHA1 Message Date
svch0stz 2edd79a37f Update win_root_certificate_installed.yml 2020-10-12 08:30:28 +11:00
Vasiliy Burov 8d926dc303 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:27:45 +03:00
Vasiliy Burov 6f7475020a Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:23:27 +03:00
Vasiliy Burov 26ef1da071 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:00:17 +03:00
Vasiliy Burov d4e1786836 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:57:27 +03:00
Vasiliy Burov e2543158ce Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:53:00 +03:00
Vasiliy Burov 47d6122298 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:46:51 +03:00
Vasiliy Burov a39d453792 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:42:51 +03:00
Vasiliy Burov 1320e0b733 Update powershell_cmdline_reversed_strings.yml 2020-10-11 23:40:12 +03:00
Vasiliy Burov 2d88000fdf Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:38:07 +03:00
Vasiliy Burov 5c4adbb24e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:33:57 +03:00
Vasiliy Burov da14df6c9f Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:29:37 +03:00
Vasiliy Burov b80f0f6478 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:18:23 +03:00
Yugoslavskiy Daniil e52baddda2 improve description 2020-10-11 22:11:03 +02:00
Yugoslavskiy Daniil 7dec19afca add macos_create_hidden_account.yml; part of the oscd initiative task number 63 of the issue #1012 2020-10-11 22:01:05 +02:00
Vasiliy Burov fb5748254e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:45:32 +03:00
Vasiliy Burov ef17d168bd Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:34:47 +03:00
Vasiliy Burov ce2767b10e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:47:07 +03:00
Vasiliy Burov 6e4f8bdd53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:35:15 +03:00
Vasiliy Burov 6cc1a5e767 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:27:24 +03:00
Vasiliy Burov 03ebc36a11 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:23:12 +03:00
Vasiliy Burov d16770aee4 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:19:23 +03:00
Vasiliy Burov 82c7edfd68 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:14:45 +03:00
Vasiliy Burov 2385d06221 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:09:21 +03:00
Furkan ÇALIŞKAN edb5b7718e Deleted a part of an already-defined rule
Lolbin rule for explorer.exe proxy execution;

Test scenario;

cd c:\windows\system32
explorer.exe calc.exe
(pops calc.exe) as in https://twitter.com/bohops/status/986984122563391488/photo/1
2020-10-11 21:08:17 +03:00
Vasiliy Burov 6094fd4e9c [OSCD] Create powershell_cmdline_specific_comb_methods.yml 2020-10-11 20:56:45 +03:00
S.kiran kumar c76eede1b8 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:11:09 +05:30
S.kiran kumar fbf5d2fdc4 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:07:41 +05:30
S.kiran kumar bddbe68235 Create silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:02:03 +05:30
S.kiran kumar 6b0b779480 Delete sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 23:00:52 +05:30
Bartlomiej Czyz 94efeda45d modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature 2020-10-11 19:11:54 +02:00
S.kiran kumar 6b10b998c9 Update sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:38:30 +05:30
uncleP@sk 435f052f75 fixing some typos 2020-10-11 19:45:46 +03:00
Vasiliy Burov 64b07ff51a Update powershell_cmdline_reversed_strings.yml 2020-10-11 19:42:39 +03:00
S.kiran kumar 476ed7ec2d Rename silenttrinity _stager _communication _c2.yml to sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:03:24 +05:30
S.kiran kumar 545a8c06ed Rename Silenttrinity _Stager _Communication _C2.yml to silenttrinity _stager _communication _c2.yml 2020-10-11 21:53:45 +05:30
Alejandro Ortuno d17faf8234 Local groups discovery sigma rules 2020-10-11 18:15:53 +02:00
S.kiran kumar 9825b42de0 Rename Silenttrinity Stager Communication C2.yml to Silenttrinity _Stager _Communication _C2.yml 2020-10-11 21:38:19 +05:30
S.kiran kumar a5bf538ad1 Rename Silenttrinity _Stager _Communication _To _C2.yml to Silenttrinity Stager Communication C2.yml 2020-10-11 21:34:55 +05:30
Alejandro Ortuno 3358dd47ea macos local account creation 2020-10-11 17:56:29 +02:00
S.kiran kumar 7a4c2c5db5 Rename Silenttrinity Stager Communication To C2 to Silenttrinity _Stager _Communication _To _C2.yml 2020-10-11 21:16:45 +05:30
S.kiran kumar 28ccbe9034 Rename Silenttrinity stager communication to c2 to Silenttrinity Stager Communication To C2 2020-10-11 21:00:00 +05:30
S.kiran kumar f82d163ded Update Silenttrinity stager communication to c2 2020-10-11 20:33:08 +05:30
Bartlomiej Czyz 8ae42bca7c fix description & ParentImage -> Image modification to comply with reg events constraints 2020-10-11 17:02:39 +02:00
S.kiran kumar f8c229bbf8 Update Silenttrinity stager communication to c2 2020-10-11 20:29:30 +05:30
S.kiran kumar e5fd37aea6 Update Silenttrinity stager communication to c2 2020-10-11 20:25:49 +05:30
Vasiliy Burov c868ef655c Update powershell_cmdline_reversed_strings.yml 2020-10-11 17:37:07 +03:00
Vasiliy Burov 7aaf4654cd Rename powershell_cmdline_reversed_strings to powershell_cmdline_reversed_strings.yml 2020-10-11 17:28:56 +03:00
Vasiliy Burov 00f5d1ec92 Update powershell_cmdline_reversed_strings 2020-10-11 17:24:46 +03:00
Vasiliy Burov 51f00c153c Update powershell_cmdline_reversed_strings 2020-10-11 17:18:15 +03:00