security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
Vasilisa-L 1738316741 Update on help keys in cmd 2020-10-09 09:23:35 +03:00
svch0stz 5d475ce16d Update win_root_certificate_installed.yml 2020-10-09 13:00:17 +11:00
svch0stz 8d7152d489 Update win_root_certificate_installed.yml 2020-10-09 12:55:37 +11:00
svch0stz ff8547efc5 Update win_root_certificate_installed.yml 2020-10-09 12:48:39 +11:00
svch0stz a68d50a5d9 Create win_root_certificate_installed.yml 2020-10-09 12:29:53 +11:00
svch0stz 0856170073 Update win_susp_mounted_share_deletion.yml 2020-10-09 11:42:06 +11:00
svch0stz 1088a2865b Update win_susp_mounted_share_deletion.yml 2020-10-09 11:40:57 +11:00
Kirill Kiryanov 04d56bade4 Removed redundant tag 2020-10-08 23:26:51 +03:00
Kirill Kiryanov d00e1073ee Revert "Created rule win_susp_presentationhost_execution.yml" 
This reverts commit a38c021876.
 2020-10-08 22:49:52 +03:00
Ryan Plas 5e1075b656 Update Powershell section 2020-10-08 15:19:42 -04:00
Jonhnathan 1695bc56dc Remove commas 2020-10-08 15:31:17 -03:00
Craig Young 6cd9be66ed Adding all modifier 2020-10-08 12:57:09 -04:00
Nikita P. Nazarov 60997b0243 Detects Obfuscated Powershell via use MSHTA in Scripts 2020-10-08 18:26:08 +03:00
Nikita P. Nazarov 27410d3c8e Detects Obfuscated Powershell via use MSHTA in Scripts 2020-10-08 18:19:59 +03:00
Nikita P. Nazarov 47c22d0443 Detects Obfuscated Powershell via use Rundll32 in Scripts 2020-10-08 18:06:41 +03:00
Nikita Nazarov 80a3a6c048 Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:52:01 +03:00
Nikita Nazarov b4377ed632 Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:45:07 +03:00
Nikita Nazarov 3ba4eeac7b Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:36:20 +03:00
esebese ba96efc25e [OSCD]win_pe_exec_vsjitdebugger.yml added 2020-10-08 17:28:20 +03:00
Nikita P. Nazarov 2db2ab30c4 Detects Obfuscated Powershell via use Rundll32 in Scripts 2020-10-08 17:08:43 +03:00
Sander e6ad52c102 Corrected falsepositives 2020-10-08 15:11:57 +02:00
Sander 0e07ea3e70 Corrected author 2020-10-08 15:04:09 +02:00
Sander 539400c384 Creation of win_regini 2020-10-08 14:47:22 +02:00
Kirill Kiryanov 7e28bf4df8 Fixed title format 2020-10-08 14:38:47 +03:00
Kirill Kiryanov 55ea538841 Created rule win_susp_sqldumper_activity.yml 2020-10-08 14:29:21 +03:00
Alejandro Ortuno 04f415c80b Added the sigma rules per OS 2020-10-08 13:23:11 +02:00
Kirill Kiryanov a09488a90f revert changes for making new pull request 2020-10-08 14:20:32 +03:00
Alejandro Ortuno c5605ae8b6 Scheduled Cron Task/Job sigma rule 2020-10-08 13:15:02 +02:00
Kirill Kiryanov 1581be1ec2 Created rule win_susp_sqldumper_activity.yml 2020-10-08 14:00:43 +03:00
Kirill Kiryanov a38c021876 Created rule win_susp_presentationhost_execution.yml 2020-10-08 13:24:59 +03:00
Yuliya Fomina 785f7e32e3 typo, - script extention 2020-10-08 10:13:20 +03:00
Yuliya Fomina aba6cd26ca Delete regex 2020-10-08 10:01:41 +03:00
remotephone@gmail.com e967cce211 change new lines to LF instead of CLRF 2020-10-07 23:02:03 -05:00
remotephone@gmail.com 9802704a2b not sure why i'm failing the tests on a line I didn't change. copying format from another file 2020-10-07 22:54:31 -05:00
remotephone@gmail.com ff2ba5f876 double checking new line characters 2020-10-07 22:43:38 -05:00
remotephone@gmail.com 83ed39f95c adding UID, renaming 2020-10-07 22:25:54 -05:00
remotephone@gmail.com 4486c3ffc9 adding new line at end of file 2020-10-07 22:11:05 -05:00
remotephone@gmail.com cde0020d30 T1016 detection rules 2020-10-07 22:09:15 -05:00
Jonhnathan 8d94e993ab Update win_susp_rundll32_activity.yml 2020-10-07 18:27:25 -03:00
Jonhnathan 109b1ea9cf Revert "Create win_susp_replace_lolbin.yml" 
This reverts commit e6a6549676.
 2020-10-07 18:26:11 -03:00
Jonhnathan 15bd7dcd3b Revert "Changed the rule to download only and not the copy" 
This reverts commit 1324bc1ad1.
 2020-10-07 18:26:04 -03:00
Ömer Günal eac5ac9fc1 removed duplicate filter 2020-10-08 00:18:38 +03:00
Ömer Günal e6588c08f4 Create lnx_system_info_discovery.yml 2020-10-08 00:15:46 +03:00
Ömer Günal 2cea3800de Create lnx_password_policy_discovery.yml 2020-10-08 00:14:40 +03:00
Semanur Guneysu 357d4bd895 Update sysmon_abusing_debug_privilege.yml 2020-10-07 23:34:03 +03:00
Craig Young deb8db8599 Adding extension 
Woops
 2020-10-07 16:05:58 -04:00
Craig Young a0dfde8478 Added UUID 2020-10-07 16:01:53 -04:00
esebese 127bc075b0 [OSCD] win_class_exec_xwizard.yml added 2020-10-07 22:49:12 +03:00
Craig Young aea3c13d01 Initial commit 
Other parameters besides \query may also be useful for credential dumping. This should be researched.
 2020-10-07 15:33:26 -04:00
Ömer Günal f00e79d123 Create lnx_file_deletion.yml 2020-10-07 22:28:37 +03:00