Commit Graph

7964 Commits

Author SHA1 Message Date
Ivan Dyachkov 78644305d6 '-s' is working too. 2020-10-16 10:39:56 +03:00
Ömer Günal 38c7cb7406 Update lnx_password_policy_discovery.yml 2020-10-16 10:38:36 +03:00
Ömer Günal f1a6e980e5 added category 2020-10-16 10:33:50 +03:00
Ömer Günal 46e887ef38 Update lnx_clear_logs.yml 2020-10-16 10:32:25 +03:00
Vasiliy Burov 700ed134bc Update powershell_cmdline_special_characters.yml 2020-10-16 10:18:37 +03:00
Vasiliy Burov d2184aee5e Update powershell_cmdline_special_characters.yml 2020-10-16 09:58:59 +03:00
tas_kmanager 9b2268a192 [OSCD] Always Install Elevated - Slide 50 - Rule 2
Page 50 from #574 Rule 2

Look for msiexec spawning command line or powershell, which then spawns other processes

using enrichment as suggested by @yugoslavskiy
2020-10-15 22:36:28 -04:00
Jonhnathan 56dd924fc3 Update aws_ec2_vm_export_failure.yml 2020-10-15 23:31:55 -03:00
Jonhnathan ef5fee93f5 Update proxy_ursnif_malware.yml 2020-10-15 23:30:07 -03:00
Jonhnathan 557135722b Update proxy_ua_hacktool.yml 2020-10-15 23:28:12 -03:00
Jonhnathan 4d46610645 Update proxy_ua_cryptominer.yml 2020-10-15 23:26:31 -03:00
Jonhnathan 229cda76c3 Update proxy_ua_bitsadmin_susp_tld.yml 2020-10-15 23:26:08 -03:00
Jonhnathan a1d3c8c3ff Update proxy_telegram_api.yml 2020-10-15 23:25:19 -03:00
Jonhnathan 641c27fbe1 Update proxy_susp_flash_download_loc.yml 2020-10-15 23:24:54 -03:00
Jonhnathan 990ae166d1 Update proxy_powershell_ua.yml 2020-10-15 23:24:06 -03:00
Jonhnathan d816fa49e7 Update proxy_ios_implant.yml 2020-10-15 23:23:52 -03:00
Jonhnathan 34bda9b09e Update proxy_downloadcradle_webdav.yml 2020-10-15 23:23:17 -03:00
Jonhnathan ff8e3cdb22 Update proxy_download_susp_tlds_whitelist.yml 2020-10-15 23:22:57 -03:00
Jonhnathan be5360b8be Update proxy_download_susp_tlds_blacklist.yml 2020-10-15 23:22:17 -03:00
Jonhnathan 5615173540 Update proxy_download_susp_dyndns.yml 2020-10-15 23:21:25 -03:00
Jonhnathan 2049e5285b Update proxy_cobalt_onedrive.yml 2020-10-15 23:20:21 -03:00
Jonhnathan 39787da128 Update proxy_cobalt_ocsp.yml 2020-10-15 23:19:56 -03:00
Jonhnathan 60b7e1caff Update proxy_cobalt_amazon.yml 2020-10-15 23:19:39 -03:00
Jonhnathan 68d8a903af Update proxy_chafer_malware.yml 2020-10-15 23:16:17 -03:00
Jonhnathan 05e0dd1ae6 Update zeek_susp_kerberos_rc4.yml 2020-10-15 23:15:23 -03:00
Jonhnathan f04394467b Update zeek_smb_converted_win_susp_raccess_sensitive_fext.yml 2020-10-15 23:14:34 -03:00
Jonhnathan de29d778a5 Update zeek_smb_converted_win_susp_psexec.yml 2020-10-15 23:14:15 -03:00
Jonhnathan 3e600dab82 Update zeek_smb_converted_win_impacket_secretdump.yml 2020-10-15 23:13:47 -03:00
Jonhnathan 50abab7f11 Update zeek_http_executable_download_from_webdav.yml 2020-10-15 23:13:20 -03:00
Jonhnathan aeb3218dfb Update net_susp_dns_txt_exec_strings.yml 2020-10-15 23:11:16 -03:00
Jonhnathan 4b8a47e35f Update net_susp_dns_b64_queries.yml 2020-10-15 23:10:57 -03:00
Jonhnathan 28cfda7676 Update net_mal_dns_cobaltstrike.yml 2020-10-15 23:10:42 -03:00
Jonhnathan 3361b62cc2 Update lnx_auditd_susp_exe_folders.yml 2020-10-15 23:09:06 -03:00
tas_kmanager 23358b8db5 [OSCD] Always Install Elevated - Slide 50 - Rule 1
Page 50 from #574 Rule 1

Look for msiexec spawning command line or powershell
2020-10-15 22:08:45 -04:00
Jonhnathan d655ebf092 Update lnx_auditd_masquerading_crond.yml 2020-10-15 23:08:08 -03:00
Jonhnathan e26e5a1e7e Update lnx_auditd_create_account.yml 2020-10-15 23:07:39 -03:00
Jonhnathan 8fd768aa66 Update lnx_susp_ssh.yml 2020-10-15 23:05:53 -03:00
Jonhnathan d4284e60f9 Update lnx_susp_named.yml 2020-10-15 23:04:16 -03:00
Jonhnathan 83bad3de98 Update lnx_sudo_cve_2019_14287.yml 2020-10-15 23:03:40 -03:00
Jonhnathan 0ca17e88f6 Update lnx_setgid_setuid.yml 2020-10-15 22:55:41 -03:00
Jonhnathan 68ad66f390 Update lnx_proxy_connection.yml 2020-10-15 22:54:27 -03:00
Jonhnathan 41396636f9 Update lnx_file_copy.yml 2020-10-15 22:53:20 -03:00
Jonhnathan 6185640442 Update lnx_clamav.yml 2020-10-15 22:49:42 -03:00
Jonhnathan 1979906bae Revert "Create win_susp_replace_lolbin.yml"
This reverts commit e6a6549676.
2020-10-15 22:45:33 -03:00
Jonhnathan b0ddaf5ac9 Revert "Changed the rule to download only and not the copy"
This reverts commit 1324bc1ad1.
2020-10-15 22:45:30 -03:00
Yugoslavskiy Daniil d8a6048492 update /macos_create_hidden_account.yml 2020-10-16 02:05:22 +02:00
Jonhnathan 2332e42e4c Update win_susp_copy_lateral_movement.yml 2020-10-15 21:01:23 -03:00
Jonhnathan d4603d196b Update win_susp_adfind.yml 2020-10-15 21:00:15 -03:00
Jonhnathan fc6c727c70 Update powershell_malicious_commandlets.yml 2020-10-15 20:59:27 -03:00
Jonhnathan 1584ddf918 Update sysmon_susp_service_installed.yml 2020-10-15 20:50:42 -03:00