Commit Graph

7964 Commits

Author SHA1 Message Date
Vasiliy Burov 931ccde3e6 Merge branch 'patch-15' of https://github.com/vburov/sigma into patch-15 2020-10-28 11:27:48 +03:00
Vasiliy Burov eec398ea0e Merge branch 'master' into patch-15 2020-10-28 11:27:28 +03:00
Vasiliy Burov 2d2464ba22 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:20:26 +03:00
Vasiliy Burov fdbd8de219 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit eb166222bd.
2020-10-28 10:51:18 +03:00
Vasiliy Burov 00f1326ae6 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml"
This reverts commit 64e48ed94d.
2020-10-28 10:50:53 +03:00
Jonhnathan 28febe5dd2 Update win_apt_chafer_mar18.yml 2020-10-27 23:28:04 -03:00
Jonhnathan 0860978412 Update win_apt_bear_activity_gtr19.yml 2020-10-27 23:26:34 -03:00
Jonhnathan e24e6da3b5 Update win_apt_apt29_thinktanks.yml 2020-10-27 23:24:04 -03:00
Jonhnathan 467af2ebb5 Update sysmon_susp_prog_location_network_connection.yml 2020-10-27 22:56:32 -03:00
Jonhnathan 266109f3d8 Update win_mal_ryuk.yml 2020-10-27 22:47:41 -03:00
Jonhnathan 514f9ccd28 Update win_mal_ryuk.yml 2020-10-27 22:42:15 -03:00
Jonhnathan 187d1d3e3b Update win_user_driver_loaded.yml 2020-10-27 22:37:50 -03:00
Jonhnathan dbad6c637f Update av_webshell.yml 2020-10-27 22:35:45 -03:00
Jonhnathan 0afe48a0a0 Update av_relevant_files.yml 2020-10-27 22:34:57 -03:00
Jonhnathan 95da1ec500 Update av_relevant_files.yml 2020-10-27 22:32:16 -03:00
Jonhnathan d3c6d9df31 Update win_mal_ryuk.yml 2020-10-27 22:21:16 -03:00
Jonhnathan 98c7639db7 Update mal_azorult_reg.yml 2020-10-27 22:19:04 -03:00
Jonhnathan 8f4d6f802b Update mal_azorult_reg.yml 2020-10-27 22:18:41 -03:00
Jonhnathan bfb50a3d42 Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
Jonhnathan 3477866451 Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
Jonhnathan 9fd203e2a3 Update mal_azorult_reg.yml 2020-10-27 22:07:45 -03:00
Jonhnathan ebb84486f5 Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
Jonhnathan 182b12614b Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
Jonhnathan dde5b46726 Update win_susp_sam_dump.yml 2020-10-27 22:01:31 -03:00
Jonhnathan 61ccdc598d Update win_susp_local_anon_logon_created.yml 2020-10-27 22:00:42 -03:00
Jonhnathan 3eea825898 Update win_net_ntlm_downgrade.yml 2020-10-27 21:59:49 -03:00
Jonhnathan 53ff19f167 Update win_mmc20_lateral_movement.yml 2020-10-27 21:55:17 -03:00
Vasiliy Burov 64e48ed94d Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:33:56 +03:00
Vasiliy Burov eb166222bd Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:15:28 +03:00
Vasiliy Burov 172c619719 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:50:09 +03:00
Vasiliy Burov edede617cf Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:36:12 +03:00
Vasiliy Burov 515c4dd9cd Added some false-positive issues 2020-10-27 20:35:22 +03:00
Vasiliy Burov 66965cec33 Added some false-positive issues 2020-10-27 17:31:46 +03:00
Semanur Guneysu 1e32391e59 Merge branch 'master' of https://github.com/semanurguneysu/sigma into oscd 2020-10-26 19:49:56 +03:00
Semanur Guneysu 27dbf73c0d Update sysmon_abusing_debug_privilege.yml
comment added
2020-10-26 19:25:36 +03:00
invrep-de 8a9db12d30 Enhanced to improve specificity
Enhanced to improve specificity per feedback received;
2020-10-26 12:05:16 -04:00
invrep-de dc41f64023 [OSCD] Bad Opsec Defaults Sacrificial Processes
Incorporate feedback from @yugoslavskiy;
2020-10-26 11:52:16 -04:00
Semanur Guneysu 1b3cb8a64b Delete .DS_Store 2020-10-26 18:15:57 +03:00
Semanur Guneysu db49c436a3 Update sysmon_abusing_debug_privilege.yml 2020-10-26 18:08:05 +03:00
Semanur Guneysu bc5e9b57e9 Update sysmon_abusing_debug_privilege.yml 2020-10-26 17:45:13 +03:00
Semanur Guneysu 2dab2d420c Update sysmon_abusing_debug_privilege.yml 2020-10-26 15:24:00 +03:00
Semanur Guneysu 4e1143502e Create .DS_Store 2020-10-26 15:18:20 +03:00
Semanur Guneysu cb5a541a5e Update sysmon_abusing_debug_privilege.yml
NT AUTHORITY\SYSTEM
2020-10-26 14:56:25 +03:00
Semanur Guneysu 3ff10b160f Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:44:27 +03:00
Semanur Guneysu e65b8249d7 Update sysmon_abusing_debug_privilege.yml 2020-10-26 14:39:43 +03:00
S.kiran kumar b5e07f0a37 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 17:00:50 +05:30
Semanur Guneysu 70beef515d Update sysmon_abusing_debug_privilege.yml
mitre tag added. Checked.
2020-10-26 14:01:46 +03:00
Vasiliy Burov b84fc7850c Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 13:48:19 +03:00
Vasiliy Burov 779596334c Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-26 12:35:16 +03:00
Vasiliy Burov 6da58584c5 Update win_susp_multiple_files_renamed_or_deleted.yml
Added an issue into 'falsepositives' section.
2020-10-26 12:14:59 +03:00