Commit Graph

7964 Commits

Author SHA1 Message Date
Jonhnathan e35b09e1a6 Remove out of context falsepositive 2020-11-20 01:55:48 -03:00
Jonhnathan d595df2879 Fix 2020-11-20 01:53:15 -03:00
Jonhnathan 6f3daad053 Update sysmon_apt_oceanlotus_registry.yml 2020-11-20 01:51:53 -03:00
Jonhnathan 9967bd1fe5 Update sysmon_apt_oceanlotus_registry.yml 2020-11-20 01:51:01 -03:00
Jonhnathan 1af9e9ed48 Update sysmon_win_reg_persistence.yml 2020-11-20 01:47:19 -03:00
Jonhnathan 8d8c29e0fe Update sysmon_uac_bypass_sdclt.yml 2020-11-20 01:42:17 -03:00
Jonhnathan 372f000b7f Update sysmon_uac_bypass_eventvwr.yml 2020-11-20 01:41:20 -03:00
Jonhnathan e8aa9a854a Update sysmon_uac_bypass_eventvwr.yml 2020-11-20 01:40:29 -03:00
Jonhnathan 57e98e3957 Remove additional backslash 2020-11-20 01:38:57 -03:00
Jonhnathan 9cf2ea5862 Update sysmon_susp_service_installed.yml 2020-11-20 01:38:17 -03:00
Jonhnathan 1acc19a8d5 Remove additional backslash 2020-11-20 01:37:24 -03:00
Jonhnathan ab2edd1ff0 Update sysmon_malware_verclsid_shellcode.yml 2020-11-20 01:34:43 -03:00
Jonhnathan 240a8b9aa0 Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:33:04 -03:00
Jonhnathan ebd9973dcb Update sysmon_lazagne_cred_dump_lsass_access.yml 2020-11-20 01:32:41 -03:00
Jonhnathan 2194744803 Update sysmon_invoke_phantom.yml 2020-11-20 01:30:58 -03:00
Jonhnathan 4af7f00f4a Improve logic 2020-11-20 01:30:01 -03:00
Jonhnathan 728276ef13 Improve Logic 2020-11-20 01:22:20 -03:00
Jonhnathan ee43919eec Change detection logic 2020-11-20 01:05:06 -03:00
Jonhnathan c42911cb47 Update win_wmi_persistence.yml 2020-11-20 00:58:49 -03:00
Jonhnathan 718792e0ba Update win_tool_psexec.yml 2020-11-20 00:57:16 -03:00
Jonhnathan b3e0b55250 Remove additional backslash 2020-11-20 00:53:13 -03:00
Jonhnathan 813afd4f4c Remove additional backslash 2020-11-20 00:52:54 -03:00
Jonhnathan f6a89e9707 Fix Detection Logic 2020-11-20 00:51:22 -03:00
Jonhnathan 0ffd1ef47f Remove additional backslash 2020-11-19 23:15:38 -03:00
Jonhnathan 351a9920ed Update win_mal_flowcloud.yml 2020-11-19 23:14:44 -03:00
Jonhnathan 43ffb80d94 Remove additional backslash 2020-11-19 23:09:50 -03:00
Jonhnathan 44652c4ffd Remove additional backslash 2020-11-19 23:08:40 -03:00
Jonhnathan 9a5b17f2bb Remove additional backslash 2020-11-19 23:04:26 -03:00
Jonhnathan f79caba72a Remove additional backslash 2020-11-19 22:58:50 -03:00
Jonhnathan 6ecafac619 Update sysmon_susp_driver_load.yml 2020-11-19 22:56:34 -03:00
Jonhnathan f42ef96140 Fix Reference 2020-11-19 22:50:27 -03:00
Jonhnathan fdd28556cf Fix ref 2020-11-19 22:48:20 -03:00
Jonhnathan 4f4fcbc576 Update win_susp_wmi_login.yml 2020-11-19 22:47:20 -03:00
Jonhnathan ea385767b9 Update win_susp_ntlm_auth.yml 2020-11-19 22:40:43 -03:00
Jonhnathan 5d85bbba56 Improve detection logic 2020-11-19 22:37:13 -03:00
Jonhnathan c20bce4a77 Update win_susp_msmpeng_crash.yml 2020-11-19 22:30:48 -03:00
Jonhnathan 7fe2c00ac1 Update win_net_ntlm_downgrade.yml 2020-11-19 22:14:37 -03:00
Jonhnathan 371c112143 Fix the detection logic (ObjectName = admin was included in the query using AND, not OR.) 2020-11-19 21:45:19 -03:00
Ömer Günal 1582c5230a Update lnx_process_discovery.yml 2020-11-18 23:25:15 +03:00
Thomas Patzke 199a897f75 Fix rule indent 2020-11-17 10:12:55 +01:00
v3t0 3d206b08d8 [OSCD] Added a rule to detect potential persistence using registry keys 2020-11-15 19:04:12 -05:00
yugoslavskiy 2939b33ab5 Update lnx_network_service_scanning.yml 2020-11-16 01:00:09 +01:00
Ömer Günal edc416a1d8 Update lnx_system_info_discovery.yml 2020-11-14 19:24:23 +03:00
Ömer Günal 821bdf8ab4 Update lnx_install_root_certificate.yml 2020-11-14 19:19:28 +03:00
stvetro 19eb8306d3 Removed unnecessary antifalse positive 2020-11-14 09:50:29 +04:00
Ömer Günal 19cad11a4a Update lnx_system_info_discovery.yml 2020-11-10 20:11:49 +03:00
Ömer Günal ab959394ab Update lnx_install_root_certificate.yml 2020-11-10 20:09:46 +03:00
Ömer Günal f41accab33 Update lnx_install_root_certificate.yml 2020-11-10 20:09:03 +03:00
Ryan Plas d4d694b4da Logic fix for sysmon_non_priv_program_files_move 2020-11-10 10:01:47 -05:00
Florian Roth af4d546408 Merge pull request #1282 from Neo23x0/rule-devel (fix: FPs with notepad++ GUP rule) 2020-11-10 13:39:28 +01:00