Commit Graph

7964 Commits

Author SHA1 Message Date
yugoslavskiy 60f71d911d shorten the title to pass the test 2020-10-20 17:08:11 +02:00
Florian Roth ee789a309c fix: FP with expression 2020-10-20 13:11:10 +02:00
Florian Roth 198b292c26 rule: emotet encoded commands 2020-10-20 12:51:58 +02:00
Yugoslavskiy Daniil e95749e190 fix syntax 2020-10-20 05:10:11 +02:00
Yugoslavskiy Daniil 99b40e4a6a change list of plist to contains modifier. could be easily bypassed with endswith 2020-10-20 05:09:08 +02:00
Yugoslavskiy Daniil cea24c9984 add macos_disable_security_tools.yml, oscd initiative issue #1012, task number 60 2020-10-20 05:06:43 +02:00
Yugoslavskiy Daniil 2890adf093 add macos_xattr_gatekeeper_bypass.yml, oscd initiative issue #1012, task number 55 2020-10-20 04:34:02 +02:00
Yugoslavskiy Daniil 5a8c7cd3f9 add missing falcond 2020-10-20 04:00:16 +02:00
Yugoslavskiy Daniil 6f3ac02cb3 add lnx_security_software_discovery.yml, oscd initiative issue #1011, task number 26 2020-10-20 03:57:41 +02:00
Yugoslavskiy Daniil f0663c8412 add macos_security_software_discovery.yml, oscd initiative issue #1012, task number 41 2020-10-20 03:46:41 +02:00
Yugoslavskiy Daniil 491f9d023c add lnx_file_and_directory_discovery.yml, oscd initiative issue #1011, task number 18 2020-10-20 03:05:32 +02:00
Yugoslavskiy Daniil 7c50729388 add macos_file_and_directory_discovery.yml, oscd initiative issue #1012, task number 28 2020-10-20 02:58:08 +02:00
Yugoslavskiy Daniil 34591f9f64 add lnx_system_network_connections_discovery.yml, oscd initiative issue #1011, task number 8 2020-10-20 01:17:06 +02:00
Yugoslavskiy Daniil 941fbebcdc add macos_system_network_connections_discovery.yml, oscd initiative issue #1012, task number 14 2020-10-20 01:14:56 +02:00
Yugoslavskiy Daniil 272fbcc378 fix title 2020-10-20 00:47:02 +02:00
Yugoslavskiy Daniil f0060dec67 fix title 2020-10-20 00:44:23 +02:00
Yugoslavskiy Daniil 1ecb2c1932 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:39:06 +02:00
Yugoslavskiy Daniil 8b01062d17 add lnx_base64_decode.yml, oscd initiative issue #1011, task number 4 2020-10-20 00:37:53 +02:00
Yugoslavskiy Daniil cc3ef973c0 add macos_base64_decode.yml, oscd initiative issue #1012, task number 3 2020-10-20 00:36:21 +02:00
Tim I 0323e50011 Detect credential access for macOS via Keychain 2020-10-19 23:37:46 +03:00
stvetro 6bc483d287 Added mitre tags 2020-10-19 19:28:52 +04:00
stvetro 43707c9023 Added mitre tags 2020-10-19 19:20:52 +04:00
Mikhail Larin f75654a3f5 fix indentation 2020-10-19 18:19:38 +03:00
Mikhail Larin fe6459d07e commit to restart checker 2020-10-19 17:20:43 +03:00
Mikhail Larin ddc2d2635d fix wrong tactic 2020-10-19 17:16:22 +03:00
Mikhail Larin 42cc1dc552 fix non-present binary 2020-10-19 17:01:23 +03:00
Mikhail Larin e0e81b5c25 fix newlines 2020-10-19 16:45:42 +03:00
Mikhail Larin a64a70f7ed fix newlines 2020-10-19 16:44:18 +03:00
Mikhail Larin 85adbc3137 fix newlines 2020-10-19 16:42:43 +03:00
Mikhail Larin 008260b0e4 fix newlines 2020-10-19 16:41:24 +03:00
Mikhail Larin 058c77f6a6 fix newlines 2020-10-19 16:39:41 +03:00
Mikhail Larin dc320e5be2 t1552.001 for lin/macOS 2020-10-19 16:34:13 +03:00
Mikhail Larin c460dcf5de t1552.001 for lin/macos 2020-10-19 16:32:01 +03:00
Mikhail Larin d7e8a802bd t1552.001 for Lin/macOS 2020-10-19 16:28:43 +03:00
Mikhail Larin d9fba92adf t1030 for lin/macos 2020-10-19 16:25:31 +03:00
Mikhail Larin c9ca0a79b6 t1070.006 for lin/macos 2020-10-19 16:17:04 +03:00
Nikita Nazarov 654bd7bdba Update win_software_discovery.yml (Add edits) 2020-10-19 11:05:45 +03:00
Jonhnathan 6b2c235ab3 Update win_susp_replace_lolbin.yml 2020-10-18 23:44:18 -03:00
v3t0 3a550af9f7 [OSCD] Added a rule to detect execution of runonce with suspicious parameters 2020-10-18 22:38:13 -04:00
v3t0 755a714884 [OSCD] Added a rule to detect the execution of tracker.exe with suspicious arguments 2020-10-18 19:35:57 -04:00
Alejandro Ortuno 41f5d7e876 Adding Ömer as leading author 2020-10-18 20:30:32 +02:00
Alejandro Ortuno 8a43dec5a3 Adding Ömer as the leading author 2020-10-18 20:28:55 +02:00
Vasiliy Burov 439f88f75a Create win_mal_lockergoga.yml 2020-10-18 20:25:37 +03:00
Ensar Şamil 4619e98602 Update win_pe_exec_vsjitdebugger.yml 2020-10-18 20:08:29 +03:00
Timur Zinniatullin 0d5b03342a Add win_invoke_obfuscation_via_compress.yml 2020-10-18 19:51:20 +03:00
Timur Zinniatullin 8b255ab959 Add powershell_invoke_obfuscation_via_compress.yml 2020-10-18 19:50:58 +03:00
Timur Zinniatullin 30f7dad901 Add win_invoke_obfuscation_via_compress_services.yml 2020-10-18 19:50:30 +03:00
stvetro 65fc968658 Create win_susp_file_download_via_gfxdownloadwrapper.yml 2020-10-18 20:40:23 +04:00
stvetro a6d99e4418 Create win_susp_runscripthelper.yml 2020-10-18 20:37:53 +04:00
stvetro 5cb76ef7d4 Create win_winword_dll_load.yml 2020-10-18 20:29:39 +04:00