security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
Daniel Masse 71ea5c7437 Add missing product in logsource 2020-12-23 15:45:00 -05:00
Daniel Masse 0f51e53d0e Fix bug changing the logsource service to category 2020-12-23 15:12:31 -05:00
Daniel Masse e4c052154d Remove unneeded file 2020-12-23 14:30:24 -05:00
Daniel Masse d2edf715f2 Split up cmstp rule into 3 separate rules and remove duplicates 2020-12-23 12:17:39 -05:00
Florian Roth dedc34e91a fix: typos and description 2020-12-23 14:46:08 +01:00
Florian Roth cdc29dfbe8 rule: Lazarus activity 2020-12-23 14:43:32 +01:00
Florian Roth 821af35557 Merge pull request #1313 from Neo23x0/rule-devel 
Rule devel
 2020-12-23 13:57:11 +01:00
Florian Roth 7286d01f78 fix: typo in rule 2020-12-23 13:26:44 +01:00
Florian Roth 80aa398392 rule: Lazarus group loaders 2020-12-23 13:25:16 +01:00
Florian Roth e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth c3f891beab Merge pull request #1286 from V3T0/v3t0_oscd_lolbas_runonce_susp_persistence_ 
[OSCD] Added a rule to detect potential persistence using registry keys
 2020-12-21 18:33:17 +01:00
Florian Roth 7954684fbf Merge pull request #1260 from alejandroortuno/remote-system-discovery 
[OSCD] Remote System Discovery
 2020-12-21 18:32:08 +01:00
Florian Roth 64197d0dec Merge pull request #1261 from alejandroortuno/emond 
[OSCD] MacOS Emond Launch Daemon
 2020-12-21 18:30:56 +01:00
Florian Roth 133b98ffcb Merge pull request #1262 from invrep-de/oscd 
[OSCD] Bad Opsec Sacrificial Processes Argument Discrepancy
 2020-12-21 18:30:21 +01:00
Florian Roth f20f346a6a Merge pull request #1264 from omkar72/sdev-1 
Adding 2 rules - Conhost & office test registry persistence
 2020-12-21 18:28:59 +01:00
Florian Roth e78d7e6aee Merge pull request #1296 from mat-gas/fix-references 
fix "references" field + add test for references in plural form
 2020-12-21 18:25:35 +01:00
Florian Roth 377454cb31 Merge pull request #1299 from tjgeorgen/patch-1 
ATT&CK subtechnique tag updates
 2020-12-21 18:24:00 +01:00
Florian Roth 35ab80b39e Merge pull request #1306 from d4rk-d4nph3/master 
Added rule for Impacket's PsExec execution
 2020-12-21 18:23:41 +01:00
Florian Roth 9c8e1387a9 rule: Solarwinds SUPERNOVA web shell access 2020-12-17 09:05:08 +01:00
Bhabesh Rai 0a7e95954e Fix for fail build 2020-12-14 12:55:08 +05:45
Bhabesh Rai 63fb31882e Added rule for Impacket's PsExec execution 2020-12-14 12:48:26 +05:45
Florian Roth 80e1a5e7eb Merge pull request #1292 from toffeebr33k/master 
Create 2 new rules on AWS Privilege Escalation and AWS Enumeration
 2020-12-13 19:06:44 +01:00
Florian Roth 1b0aaf62c3 Merge pull request #1266 from omkar72/ryuk 
modifying couple of rules
 2020-12-13 19:05:54 +01:00
Florian Roth e2ade077ed Merge pull request #1275 from bczyz1/patch-3 
update win_apt_slingshot.yml
 2020-12-13 19:04:47 +01:00
Florian Roth 5197f21ed1 fix: duplicate ID 2020-12-13 18:59:04 +01:00
Florian Roth 612008a4d8 fix identation 2020-12-11 18:40:17 +01:00
Tran Trung Hieu edc79a8bb6 Detects suspicious shell spawn from MSSQL process, this might be sight of RCE or SQL Injection 2020-12-11 15:17:23 +07:00
Florian Roth cfe60d180b Merge pull request #1301 from d4rk-d4nph3/master 
Added rule for Fortinet CVE-2018-13379 preauth file read exploitation.
 2020-12-08 11:09:51 +01:00
Florian Roth b6d62b7a21 Merge pull request #1302 from Neo23x0/rule-devel 
TA505 Dropper, minor fix in PowerShell Rule
 2020-12-08 10:40:07 +01:00
Florian Roth 2c642c64d2 Removed a value 2020-12-08 10:38:32 +01:00
Florian Roth a87a81d8cc Update web_fortinet_cve_2018_13379_preauth_read_exploit.yml 2020-12-08 10:33:52 +01:00
Florian Roth 640470cefd TA505 Loader Rule 2020-12-08 10:15:30 +01:00
Bhabesh Rai 3ddf940812 Added rule for Fortinet CVE-2018-13379 preauth file read exploitation. 2020-12-08 14:46:47 +05:45
Florian Roth 540039cbc3 fix: Malicious Nishang PowerShell Commandlets FP with MDATP 2020-12-05 09:33:42 +01:00
tjgeorgen 1c6c3a36fe include updated RDP att&ck tag 2020-12-04 11:59:23 -05:00
tjgeorgen 0eda1ab462 also update tag for folder variant 2020-12-04 11:42:05 -05:00
tjgeorgen 5208bdd65a add new version of ATT&CK T1500 tag 2020-12-04 11:19:16 -05:00
yugoslavskiy 378f663502 Update lnx_clear_logs.yml 2020-12-02 01:28:29 +01:00
yugoslavskiy 6ce08935bb Update lnx_file_deletion.yml 2020-12-02 01:27:35 +01:00
yugoslavskiy 1c4c5af99f Update lnx_clear_logs.yml 2020-12-02 01:24:59 +01:00
Ömer Günal 4ab522815b Update lnx_clear_logs.yml 2020-12-01 21:28:12 +03:00
Ömer Günal d0bb6e9e81 Update lnx_file_deletion.yml 2020-12-01 21:24:57 +03:00
yugoslavskiy a028cdf1ee Update powershell_shellcode_b64.yml 2020-12-01 02:24:35 +01:00
yugoslavskiy 7309fb7d0e Update powershell_winlogon_helper_dll.yml 2020-12-01 02:23:02 +01:00
yugoslavskiy 36754ae3d5 Update win_vul_cve_2020_0688.yml 2020-12-01 02:16:22 +01:00
yugoslavskiy 0188e45925 Update win_malware_script_dropper.yml 2020-12-01 02:12:53 +01:00
yugoslavskiy 30ecc8bd26 Update win_malware_script_dropper.yml 2020-12-01 02:08:52 +01:00
yugoslavskiy 6494103839 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:54:51 +01:00
yugoslavskiy d1b625d080 Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:51:47 +01:00
yugoslavskiy 3cbc2f0aec Update win_susp_powershell_enc_cmd.yml 2020-12-01 01:47:23 +01:00