security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
Florian Roth 203e6cf7b2 Merge pull request #1599 from d4rk-d4nph3/master 
New rule and update for PrintNightmare
 2021-07-02 09:27:30 +02:00
Sittikorn S 990699b81c Update av_printernightmare_cve_2021_34527.yml 2021-07-02 11:54:37 +07:00
Sittikorn S e94cdbbf84 Update and rename av_printernightmare_cve_2021_1675.yml to av_printernightmare_cve_2021_34527.yml 
Assign CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
 2021-07-02 11:50:24 +07:00
wagga40 ae670603e8 Updated PrintNightmare Sysmon Imageload based rule with modifiers 2021-07-01 21:34:53 +02:00
Florian Roth b09efee045 Merge pull request #1600 from SigmaHQ/rule-devel 
rule: suspicious printer driver - empty manufacturer
 2021-07-01 16:46:09 +02:00
Florian Roth e97bdf36f9 rule: suspicious printer driver - empty manufacturer 2021-07-01 13:55:21 +02:00
Bhabesh Rai 08a7886621 Added rule for deletion of DLLs by PrintNightmare 2021-07-01 16:33:55 +05:45
Bhabesh Rai 37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Florian Roth 7584471e2a Merge pull request #1598 from SigmaHQ/rule-devel 
rule: CVE-2021-1675 Operational Log
 2021-07-01 12:05:10 +02:00
Florian Roth b9678f5456 Merge pull request #1595 from BlackB0lt/patch-10 
Create av_printernightmare_cve_2021_1675.yml
 2021-07-01 10:29:28 +02:00
Florian Roth 69a64b166c fix: missing indentation 2021-07-01 10:29:20 +02:00
Florian Roth 68b5ed6015 Merge pull request #1587 from BlackB0lt/patch-8 
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml
 2021-07-01 10:28:47 +02:00
Florian Roth 66f21faec0 rule: CVE-2021-1675 Operational Log 2021-07-01 10:28:10 +02:00
Florian Roth f438039af9 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Florian Roth a9500a3b1a refactor: any finding in spool drivers is relevant 2021-07-01 09:46:35 +02:00
Bhabesh Rai 69ca905506 Fixed bug in path 2021-07-01 12:26:00 +05:45
Bhabesh Rai dac9831d59 Fixed modified date 2021-07-01 12:23:38 +05:45
Bhabesh Rai 86f0ff5e44 Added new paths 2021-07-01 12:21:27 +05:45
Bhabesh Rai 206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai e2c6b6977d Added new path 2021-07-01 12:12:09 +05:45
Sittikorn S 3382d5da09 Create av_printernightmare_cve_2021_1675.yml 2021-07-01 13:04:19 +07:00
Florian Roth cb63816dcc Merge pull request #1593 from hieuttmmo/master 
PrintNightmare Detection using ImageLoad
 2021-06-30 16:10:19 +02:00
Florian Roth 1ac79238dc Merge pull request #1592 from SigmaHQ/rule-devel 
rules: CVE-2021-1675 exploitation events
 2021-06-30 16:09:34 +02:00
Florian Roth 7a96b40895 rule: CVE-2021-1675 eventid extension 2021-06-30 16:08:33 +02:00
hieuttmmo dceb13fe3f Merge branch 'SigmaHQ:master' into master 2021-06-30 20:36:23 +07:00
Tran Trung Hieu 579220de6f Detect the PrintNighmare exploit using ImageLoad 2021-06-30 20:30:22 +07:00
Florian Roth c508e71165 rules: CVE-2021-1675 exploitation events 2021-06-30 14:51:20 +02:00
Florian Roth 19962c6fe4 Merge pull request #1590 from SigmaHQ/rule-devel 
config: mappings for Microsoft print service
 2021-06-30 14:50:52 +02:00
Florian Roth d2f7edc778 refactor: change title of older CVE-2021-1675 rule 2021-06-30 14:23:14 +02:00
Sittikorn S 9ae8fedff3 Update aws_ec2_disable_encryption.yml 2021-06-29 18:05:25 +07:00
Florian Roth 9899dd9b82 Merge pull request #1579 from frack113/fix_pr_1022 
Fix file from PR 1022
 2021-06-29 12:51:08 +02:00
Florian Roth 9c769a3fce Update aws_securityhub_finding_evasion.yml 2021-06-29 12:49:32 +02:00
Sittikorn S c9ce298b2e Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 
remove http response
 2021-06-29 17:49:01 +07:00
Florian Roth 863941bff5 Merge pull request #1586 from BlackB0lt/patch-7 
Update sysmon_rclone_execution.yml
 2021-06-29 12:46:24 +02:00
Florian Roth bbe67ddc73 Merge pull request #1589 from WojciechLesicki/master 
CobaltStrike Service Installations in Registry
 2021-06-29 12:44:10 +02:00
Florian Roth 1425ede905 Merge pull request #1588 from SigmaHQ/rule-devel 
CVE-2021-1675 Print Spooler Exploitation
 2021-06-29 12:31:37 +02:00
Florian Roth a27d3d5880 docs: add 2nd Github upload 2021-06-29 12:31:13 +02:00
Wojciech Lesicki 7c8f9b2d8c Merge branch 'SigmaHQ:master' into master 2021-06-29 11:05:42 +02:00
WojciechLesicki ae317652f7 Back to upstream version. 2021-06-29 11:02:55 +02:00
WojciechLesicki 364cfe56c2 Base to upstream version 2021-06-29 10:57:36 +02:00
WojciechLesicki 8b2881328f CobaltStrike Service Installations in Registry 2021-06-29 10:52:10 +02:00
Sittikorn S 14d1c68cc8 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 15:19:22 +07:00
Florian Roth b2ac3353dc rule: CVE-2021-1675 2021-06-29 10:11:08 +02:00
Sittikorn S 67f483e6a9 Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 14:17:27 +07:00
Sittikorn S c446c519cf Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:59:08 +07:00
Sittikorn S f3c1d78615 Create web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:56:30 +07:00
Sittikorn S 56004fc49b Update sysmon_rclone_execution.yml 
Add RClone Command that used by DarkSide malware
 2021-06-29 13:44:03 +07:00
Sittikorn S c2e701958e Create aws_ec2_disable_encryption.yml 2021-06-29 11:06:00 +07:00
Florian Roth 9e3caf4ceb refactor: non-interactive Powershell to "low" 2021-06-28 16:38:34 +02:00
Andreas Hunkeler 756b8eed26 Add Synergy as possible FP for PortProxy key 2021-06-28 12:10:16 +02:00