security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

7964 Commits

Author SHA1 Message Date
yugoslavskiy 816ce5937c Update win_susp_crackmapexec_execution.yml 2020-12-01 01:29:35 +01:00
Vasiliy Burov cf8d195c5c Update win_susp_multiple_files_renamed_or_deleted.yml 2020-11-30 11:49:42 +03:00
yugoslavskiy 56f94a19f7 Update win_regedit_export_keys.yml 2020-11-30 02:08:54 +01:00
yugoslavskiy 0414d7a498 Merge branch 'oscd' into master 2020-11-30 02:04:03 +01:00
yugoslavskiy 424f1523d8 restore original rule 2020-11-30 01:32:06 +01:00
yugoslavskiy e1cd98c97d restore original rule 2020-11-30 01:31:00 +01:00
Yugoslavskiy Daniil d812a3e08e resolve conflict restoring rule win_susp_replace_lolbin.yml 2020-11-30 01:09:24 +01:00
Yugoslavskiy Daniil 98617609d6 Merge branch 'oscd' into HEAD 2020-11-30 01:07:26 +01:00
Yugoslavskiy Daniil 50623544a2 remove possible duplicate filter 2020-11-29 22:03:19 +01:00
yugoslavskiy 69de4598fd restore the original file 2020-11-29 21:32:46 +01:00
yugoslavskiy 871f965109 Update lnx_susp_named.yml 2020-11-29 21:31:54 +01:00
yugoslavskiy 769ef23ccf restore the original file 2020-11-29 21:30:50 +01:00
OG 70fb078a56 Update sysmon_office_test_regadd.yml 2020-11-29 18:02:37 +05:30
OG 8e801ede32 Update win_susp_psexec_eula.yml 2020-11-29 17:45:29 +05:30
yugoslavskiy 02ea91ec8b Update proxy_ursnif_malware.yml 2020-11-28 19:09:07 +01:00
yugoslavskiy e932eda645 Update proxy_cobalt_onedrive.yml 2020-11-28 19:07:07 +01:00
yugoslavskiy e97c4b0ac5 Update zeek_smb_converted_win_susp_psexec.yml 2020-11-28 19:05:22 +01:00
yugoslavskiy 68a62a5428 Update zeek_smb_converted_win_impacket_secretdump.yml 2020-11-28 19:02:53 +01:00
yugoslavskiy 207623d2d7 Update proxy_susp_flash_download_loc.yml 2020-11-28 18:59:00 +01:00
yugoslavskiy 8c2f884504 restore the rule 2020-11-28 18:53:13 +01:00
yugoslavskiy 5afb445b8b restored the rule 2020-11-28 18:52:43 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
yugoslavskiy 7dc5233dd9 Update win_susp_commands_recon_activity.yml 2020-11-28 18:43:04 +01:00
yugoslavskiy 5196926d60 Update sysmon_stickykey_like_backdoor.yml 2020-11-28 18:33:21 +01:00
yugoslavskiy 39c2258848 Update sysmon_registry_persistence_search_order.yml 2020-11-28 18:30:41 +01:00
yugoslavskiy 9f8ef95571 Update win_webshell_detection.yml 2020-11-28 18:25:09 +01:00
yugoslavskiy c761d05a17 Update win_system_exe_anomaly.yml 2020-11-28 18:03:19 +01:00
yugoslavskiy 258334d6d1 Update win_susp_wmi_execution.yml 2020-11-28 18:01:06 +01:00
Jonhnathan 95eb7424aa Update sysmon_susp_run_key_img_folder.yml 2020-11-28 13:54:59 -03:00
Jonhnathan f504ccc33f Update sysmon_susp_reg_persist_explorer_run.yml 2020-11-28 13:52:36 -03:00
Jonhnathan 986800056c Update sysmon_stickykey_like_backdoor.yml 2020-11-28 13:50:13 -03:00
yugoslavskiy c0c74a05df Update win_susp_sysvol_access.yml 2020-11-28 17:49:21 +01:00
Jonhnathan ef34c94e6a Update sysmon_registry_persistence_search_order.yml 2020-11-28 13:49:18 -03:00
yugoslavskiy 3c75bc922a Update win_susp_squirrel_lolbin.yml 2020-11-28 17:47:16 +01:00
Jonhnathan 06cc5049a4 Update sysmon_dns_serverlevelplugindll.yml 2020-11-28 13:46:02 -03:00
yugoslavskiy 42f27a41cb Update win_susp_rundll32_by_ordinal.yml 2020-11-28 17:44:30 +01:00
yugoslavskiy ca0a6547fb Update win_susp_run_locations.yml 2020-11-28 17:42:47 +01:00
Jonhnathan f1455e0c38 Update win_win10_sched_task_0day.yml 2020-11-28 13:42:30 -03:00
Jonhnathan fe3ed329ef Update win_webshell_recon_detection.yml 2020-11-28 13:41:11 -03:00
yugoslavskiy ea550cf551 Update win_susp_regsvr32_anomalies.yml 2020-11-28 17:40:40 +01:00
Jonhnathan f0bf3d13b5 Update win_webshell_detection.yml 2020-11-28 13:38:34 -03:00
Jonhnathan 9f4bbb7e65 Update win_webshell_detection.yml 2020-11-28 13:35:50 -03:00
yugoslavskiy bcf62fba72 Update win_susp_ps_appdata.yml 2020-11-28 17:34:34 +01:00
yugoslavskiy 2ed4b26291 Update win_susp_procdump.yml 2020-11-28 17:33:02 +01:00
Jonhnathan 0d0f58c830 Update win_system_exe_anomaly.yml 2020-11-28 13:32:44 -03:00
yugoslavskiy a3e436363e Update win_susp_powershell_parent_combo.yml 2020-11-28 17:31:37 +01:00
Jonhnathan c9b5ba10f8 Update win_susp_wmi_execution.yml 2020-11-28 13:30:34 -03:00
yugoslavskiy c01c05b826 Update win_susp_powershell_enc_cmd.yml 2020-11-28 17:29:15 +01:00
Jonhnathan f6117eebc7 Update win_susp_sysvol_access.yml 2020-11-28 13:27:28 -03:00
Jonhnathan 88b4d4c4e5 Update win_susp_sysvol_access.yml 2020-11-28 13:26:22 -03:00