security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,511 Commits 1 Branch 57 Tags
e91fc4486e57fc40e30d12253694de4c80a9e4ea
Commit Graph

10511 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yugoslavskiy 81f6f24155 Update lnx_remote_system_discovery.yml 2020-10-29 02:06:20 +01:00
Semanur Guneysu 46c52b4347 Update sysmon_abusing_debug_privilege.yml 2020-10-28 20:11:29 +03:00
nsaddler 07f777d1b5 Update powershell_CL_Mutexverifiers_LOLScript_v2.yml 2020-10-28 19:32:18 +03:00
nsaddler 7ee644eac0 Update powershell_CL_Invocation_LOLScript_v2.yml 2020-10-28 19:30:21 +03:00
nsaddler d0a796439b Update powershell_CL_Invocation_LOLScript.yml 2020-10-28 19:25:43 +03:00
Наталья Шорникова a4a3e01f25 Splitting into two rules 2020-10-28 19:13:29 +03:00
Наталья Шорникова 55a7fe6b9d Splitting into two rules 2020-10-28 19:08:23 +03:00
Alejandro Ortuno 80b1a19246 Added the space at the beginning of the IP ranges. 2020-10-28 10:16:29 +01:00
Alejandro Ortuno 3a58c00feb Removing the echo detection 2020-10-28 10:07:59 +01:00
Alejandro Ortuno e31c8f96e9 added the category 2020-10-28 09:56:01 +01:00
Vasiliy Burov d90ec67cce Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:44:21 +03:00
Vasiliy Burov 744c637125 Delete win_rdp_session_hijacking.yml 2020-10-28 11:38:39 +03:00
Vasiliy Burov 931ccde3e6 Merge branch 'patch-15' of https://github.com/vburov/sigma into patch-15 2020-10-28 11:27:48 +03:00
Vasiliy Burov eec398ea0e Merge branch 'master' into patch-15 2020-10-28 11:27:28 +03:00
Vasiliy Burov 2d2464ba22 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-28 11:20:26 +03:00
Vasiliy Burov fdbd8de219 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml" 
This reverts commit eb166222bd.
 2020-10-28 10:51:18 +03:00
Vasiliy Burov 00f1326ae6 Revert "Update win_susp_multiple_files_renamed_or_deleted.yml" 
This reverts commit 64e48ed94d.
 2020-10-28 10:50:53 +03:00
Jonhnathan 28febe5dd2 Update win_apt_chafer_mar18.yml 2020-10-27 23:28:04 -03:00
Jonhnathan 0860978412 Update win_apt_bear_activity_gtr19.yml 2020-10-27 23:26:34 -03:00
Jonhnathan e24e6da3b5 Update win_apt_apt29_thinktanks.yml 2020-10-27 23:24:04 -03:00
Jonhnathan 467af2ebb5 Update sysmon_susp_prog_location_network_connection.yml 2020-10-27 22:56:32 -03:00
Jonhnathan 266109f3d8 Update win_mal_ryuk.yml 2020-10-27 22:47:41 -03:00
Jonhnathan 514f9ccd28 Update win_mal_ryuk.yml 2020-10-27 22:42:15 -03:00
Jonhnathan 187d1d3e3b Update win_user_driver_loaded.yml 2020-10-27 22:37:50 -03:00
Jonhnathan dbad6c637f Update av_webshell.yml 2020-10-27 22:35:45 -03:00
Jonhnathan 0afe48a0a0 Update av_relevant_files.yml 2020-10-27 22:34:57 -03:00
Jonhnathan 95da1ec500 Update av_relevant_files.yml 2020-10-27 22:32:16 -03:00
Jonhnathan d3c6d9df31 Update win_mal_ryuk.yml 2020-10-27 22:21:16 -03:00
Jonhnathan 98c7639db7 Update mal_azorult_reg.yml 2020-10-27 22:19:04 -03:00
Jonhnathan 8f4d6f802b Update mal_azorult_reg.yml 2020-10-27 22:18:41 -03:00
Jonhnathan bfb50a3d42 Update sysmon_susp_office_dsparse_dll_load.yml 2020-10-27 22:13:02 -03:00
Jonhnathan 3477866451 Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml 2020-10-27 22:10:17 -03:00
Jonhnathan 9fd203e2a3 Update mal_azorult_reg.yml 2020-10-27 22:07:45 -03:00
Jonhnathan ebb84486f5 Update sysmon_susp_adsi_cache_usage.yml 2020-10-27 22:04:31 -03:00
Jonhnathan 182b12614b Update sysmon_quarkspw_filedump.yml 2020-10-27 22:02:47 -03:00
Jonhnathan dde5b46726 Update win_susp_sam_dump.yml 2020-10-27 22:01:31 -03:00
Jonhnathan 61ccdc598d Update win_susp_local_anon_logon_created.yml 2020-10-27 22:00:42 -03:00
Jonhnathan 3eea825898 Update win_net_ntlm_downgrade.yml 2020-10-27 21:59:49 -03:00
Jonhnathan 53ff19f167 Update win_mmc20_lateral_movement.yml 2020-10-27 21:55:17 -03:00
Vasiliy Burov 64e48ed94d Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:33:56 +03:00
Vasiliy Burov eb166222bd Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 23:15:28 +03:00
Vasiliy Burov 172c619719 Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:50:09 +03:00
Vasiliy Burov edede617cf Update win_susp_multiple_files_renamed_or_deleted.yml 2020-10-27 22:36:12 +03:00
Vasiliy Burov 515c4dd9cd Added some false positives issues 2020-10-27 20:35:22 +03:00
Vasiliy Burov 66965cec33 Added some false positives issues 2020-10-27 17:31:46 +03:00
Semanur Guneysu 1e32391e59 Merge branch 'master' of https://github.com/semanurguneysu/sigma into oscd 2020-10-26 19:49:56 +03:00
Semanur Guneysu 27dbf73c0d Update sysmon_abusing_debug_privilege.yml 
comment added
 2020-10-26 19:25:36 +03:00
invrep-de 8a9db12d30 Enhanced to improve specificity 
Enhanced to improve specificity per feedback received;
 2020-10-26 12:05:16 -04:00
invrep-de 7b49a4690e Merge pull request #1 from invrep-de/invrep-bosp-def 
[OSCD] Bad Opsec Defaults Sacrificial Processes
 2020-10-26 11:53:05 -04:00
invrep-de dc41f64023 [OSCD] Bad Opsec Defaults Sacrificial Processes 
Incorporate feedback from @yugoslavskiy;
 2020-10-26 11:52:16 -04:00