security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
Florian Roth 4022e3251b rule: changed title 2019-11-20 09:16:00 +01:00
Florian Roth 158f6b3065 rule: exploitation of CVE-2019-1388 2019-11-20 09:12:02 +01:00
Florian Roth 98aa4d4ecb fix: fixed typo in rule for renamed procdump 2019-11-19 15:59:07 +01:00
yugoslavskiy 1b591ee598 add JET CSIRT team sysmon_process_reimaging.yml with unsupported logic 2019-11-19 02:17:07 +01:00
yugoslavskiy 2a33e6fed9 unify location of rules with unsupported logic 2019-11-19 02:12:22 +01:00
yugoslavskiy efc404fbae resolve conflicts with rule IDs; restored and deprecated sysmon_mimikatz_detection_lsass.yml 2019-11-19 02:11:19 +01:00
Florian Roth 2c855be9d3 fix: casing fix in renamed procdump rule 2019-11-18 15:57:14 +01:00
Florian Roth fdc32889a7 rule: PulseSecure CVE-2019-11510 attack 2019-11-18 15:33:58 +01:00
Florian Roth 93f890b31d rule: renamed procdump 2019-11-18 15:27:04 +01:00
Florian Roth da05c9bb82 fix: line break in description 2019-11-18 15:26:55 +01:00
Florian Roth 2c54d1afe4 rule: removed Zebrocy rule because it doesn't work that way 
reason: command line gets split up at the '&' character, which results in two command lines
 2019-11-18 11:42:38 +01:00
Austin Clark ad1a6a2bd3 Update cisco_cli_net_sniff.yml 2019-11-15 19:32:53 +01:00
Austin Clark 441a302623 Update cisco_cli_moving_data.yml 2019-11-15 19:31:41 +01:00
Austin Clark 93a40b3b97 Update cisco_cli_modify_config.yml 2019-11-15 19:31:07 +01:00
Austin Clark 9cd6670501 Update cisco_cli_local_accounts.yml 2019-11-15 19:30:33 +01:00
Austin Clark ed85f1e612 Update cisco_cli_input_capture.yml 2019-11-15 19:11:03 +01:00
Austin Clark d8e0cfb64c Update cisco_cli_file_deletion.yml 2019-11-15 19:10:19 +01:00
Austin Clark af1cf4615f Update cisco_cli_dos.yml 2019-11-15 19:09:38 +01:00
Austin Clark 46c63094de Update cisco_cli_discovery.yml 2019-11-15 19:08:53 +01:00
Austin Clark ac07b00497 Update cisco_cli_disable_logging.yml 2019-11-15 19:08:08 +01:00
Austin Clark 6448631005 Update cisco_cli_crypto_actions.yml 2019-11-15 19:07:09 +01:00
Austin Clark 82237fa347 Update cisco_cli_collect_data.yml 2019-11-15 19:05:55 +01:00
Austin Clark 55f467eae2 Update cisco_cli_clear_logs.yml 2019-11-15 19:05:02 +01:00
Florian Roth 04288771a1 fix: bugfix in RottenPotato rule - wrong identifier 2019-11-15 11:50:03 +01:00
Florian Roth 7e6031705e rule: RottenPotato attack pattern 2019-11-15 11:44:18 +01:00
Florian Roth ff3ed04405 rule: Exploiting SetupComplete.cmd CVE-2019-1378 2019-11-15 00:26:18 +01:00
Bart a5b4b276d4 Add scriptlets 
Adds .sct and .vbe.
 2019-11-14 22:26:22 +01:00
Austin Clark 4ec6babdff Delete test 2019-11-14 20:56:21 +01:00
Austin Clark 85403d353c Add files via upload 2019-11-14 20:55:28 +01:00
Austin Clark 2c8f6b5020 Create test 2019-11-14 20:53:56 +01:00
Florian Roth 2b7699cc15 fix: fixed broken condition 2019-11-14 10:15:18 +01:00
Florian Roth 95a8563606 Rule: suspicious msiexec directory 2019-11-14 09:51:55 +01:00
yugoslavskiy ac21810d7a Merge pull request #516 from yugoslavskiy/oscd_task_#2_credentials_dumping 
oscd task #2 completed
 2019-11-14 01:03:27 +03:00
yugoslavskiy 1cc9ddc8b8 Update win_dumping_ntdsdit_via_netsync.yml 2019-11-14 01:00:28 +03:00
yugoslavskiy d29941b414 Update win_dumping_ntdsdit_via_dcsync.yml 2019-11-14 00:59:38 +03:00
yugoslavskiy 01ed5a7135 Update sysmon_unsigned_image_loaded_into_lsass.yml 2019-11-14 00:58:39 +03:00
yugoslavskiy 20a5c9498c Update sysmon_raw_disk_access_using_illegitimate_tools.yml 2019-11-14 00:58:00 +03:00
yugoslavskiy 4b8873b706 Update sysmon_lsass_memory_dump_file_creation.yml 2019-11-14 00:55:20 +03:00
yugoslavskiy f0cce60a2c Update sysmon_cred_dump_tools_dropped_files.yml 2019-11-14 00:53:25 +03:00
yugoslavskiy 9b9f37715f Update process_creation_shadow_copies_deletion.yml 2019-11-14 00:50:10 +03:00
yugoslavskiy a1831bb503 Update process_creation_shadow_copies_creation.yml 2019-11-14 00:48:50 +03:00
yugoslavskiy 1445589839 Update process_creation_copying_sensitive_files_with_credential_data.yml 2019-11-14 00:47:14 +03:00
yugoslavskiy c7c29a39b6 Update win_susp_lsass_dump_generic.yml 2019-11-14 00:45:47 +03:00
yugoslavskiy 633c6db254 Update win_remote_registry_management_using_reg_utility.yml 2019-11-14 00:44:47 +03:00
yugoslavskiy cd31354df2 Update win_quarkspwdump_clearing_hive_access_history.yml 2019-11-14 00:43:56 +03:00
yugoslavskiy 334626168c Update win_mal_service_installs.yml 2019-11-14 00:43:03 +03:00
yugoslavskiy cd69111522 Merge branch 'oscd' into master 2019-11-14 00:36:34 +03:00
yugoslavskiy 3cd1abd0a1 Update sysmon_suspicious_remote_thread.yml 2019-11-14 00:34:09 +03:00
yugoslavskiy 1e75979a2a Update sysmon_minidumwritedump_lsass.yml 2019-11-14 00:32:06 +03:00
yugoslavskiy f2caf366cb moved net_possible_dns_rebinding.yml to unsupported logic directory; renamed win_powershell_bitsjob.yaml -> win_powershell_bitsjob.yml 2019-11-14 00:24:53 +03:00