Commit Graph

10511 Commits

Author SHA1 Message Date
Mikhail Larin f75654a3f5 fix indentation 2020-10-19 18:19:38 +03:00
Mikhail Larin fe6459d07e commit to restart checker 2020-10-19 17:20:43 +03:00
Mikhail Larin ddc2d2635d fix wrong tactic 2020-10-19 17:16:22 +03:00
Mikhail Larin 42cc1dc552 fix non-present binary 2020-10-19 17:01:23 +03:00
Mikhail Larin e0e81b5c25 fix newlines 2020-10-19 16:45:42 +03:00
Mikhail Larin a64a70f7ed fix newlines 2020-10-19 16:44:18 +03:00
Mikhail Larin 85adbc3137 fix newlines 2020-10-19 16:42:43 +03:00
Mikhail Larin 008260b0e4 fix newlines 2020-10-19 16:41:24 +03:00
Mikhail Larin 058c77f6a6 fix newlines 2020-10-19 16:39:41 +03:00
Mikhail Larin dc320e5be2 t1552.001 for lin/macOS 2020-10-19 16:34:13 +03:00
Mikhail Larin c460dcf5de t1552.001 for lin/macos 2020-10-19 16:32:01 +03:00
Mikhail Larin d7e8a802bd t1552.001 for Lin/macOS 2020-10-19 16:28:43 +03:00
Mikhail Larin d9fba92adf t1030 for lin/macos 2020-10-19 16:25:31 +03:00
Mikhail Larin c9ca0a79b6 t1070.006 for lin/macos 2020-10-19 16:17:04 +03:00
Nikita Nazarov 654bd7bdba Update win_software_discovery.yml
Add edits
2020-10-19 11:05:45 +03:00
Jonhnathan 6b2c235ab3 Update win_susp_replace_lolbin.yml 2020-10-18 23:44:18 -03:00
v3t0 3a550af9f7 [OSCD] Added a rule to detect execution of runonce with suspicious parameters 2020-10-18 22:38:13 -04:00
v3t0 755a714884 [OSCD] Added a rule to detect the execution of tracker.exe with suspicious arguments 2020-10-18 19:35:57 -04:00
Alejandro Ortuno 41f5d7e876 Adding Ömer as leading author 2020-10-18 20:30:32 +02:00
Alejandro Ortuno 8a43dec5a3 Adding Ömer as the leading author 2020-10-18 20:28:55 +02:00
Vasiliy Burov 439f88f75a Create win_mal_lockergoga.yml 2020-10-18 20:25:37 +03:00
Ensar Şamil 4619e98602 Update win_pe_exec_vsjitdebugger.yml 2020-10-18 20:08:29 +03:00
Timur Zinniatullin 0d5b03342a Add win_invoke_obfuscation_via_compress.yml 2020-10-18 19:51:20 +03:00
Timur Zinniatullin 8b255ab959 Add powershell_invoke_obfuscation_via_compress.yml 2020-10-18 19:50:58 +03:00
Timur Zinniatullin 30f7dad901 Add win_invoke_obfuscation_via_compress_services.yml 2020-10-18 19:50:30 +03:00
stvetro 65fc968658 Create win_susp_file_download_via_gfxdownloadwrapper.yml 2020-10-18 20:40:23 +04:00
stvetro a6d99e4418 Create win_susp_runscripthelper.yml 2020-10-18 20:37:53 +04:00
stvetro 5cb76ef7d4 Create win_winword_dll_load.yml 2020-10-18 20:29:39 +04:00
stvetro 5ae052b665 Revert "Revert "Create win_verclsid_runs_com.yml""
This reverts commit 8e820d441a.
2020-10-18 20:10:29 +04:00
stvetro 8e820d441a Revert "Create win_verclsid_runs_com.yml"
This reverts commit 7e4a958cc5.
2020-10-18 20:10:21 +04:00
Timur Zinniatullin d84281936b Update win_invoke_obfuscation_via_rundll.yml 2020-10-18 19:05:40 +03:00
Timur Zinniatullin eb2af704e7 Update powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 19:05:27 +03:00
Timur Zinniatullin 39bac712c3 Update win_invoke_obfuscation_via_rundll_services.yml 2020-10-18 19:05:09 +03:00
stvetro 7e4a958cc5 Create win_verclsid_runs_com.yml 2020-10-18 20:02:34 +04:00
stvetro 07d3a6f340 Removed rules
to have 1 pull request 1 rule
2020-10-18 19:57:30 +04:00
Timur Zinniatullin 35a9a7d46c Update powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 18:54:59 +03:00
Timur Zinniatullin 0c934ea455 Update win_invoke_obfuscation_via_rundll.yml 2020-10-18 18:54:31 +03:00
Timur Zinniatullin 98febd2101 Update win_invoke_obfuscation_via_rundll_services.yml 2020-10-18 18:54:06 +03:00
Timur Zinniatullin 683c4cfc0a Add win_invoke_obfuscation_via_rundll.yml 2020-10-18 18:53:17 +03:00
Timur Zinniatullin 1bde40a98d Add win_invoke_obfuscation_via_rundll_services.yml 2020-10-18 18:52:25 +03:00
Timur Zinniatullin eee01f6a86 Add powershell_invoke_obfuscation_via_rundll.yml 2020-10-18 18:51:51 +03:00
feedb 54b75b73b2 [OSCD] process_creation_msdeploy 2020-10-18 17:37:14 +03:00
feedb 2b731300fb [OSCD] LOLBIN dotnet.exe exec dll and execute unsigned code
=/
2020-10-18 17:13:41 +03:00
feedb 744d27d892 [OSCD] LOLBIN dotnet.exe exec dll and execute unsigned code 2020-10-18 17:08:52 +03:00
feedb e7c9ead469 [OSCD] LOLBIN dotnet.exe exec dll and execute unsigned code 2020-10-18 17:06:09 +03:00
feedb fabf2a03fe Delete win_mshta_invoke_html.yml 2020-10-18 15:29:43 +03:00
feedb 468fd40dda Update win_mshta_invoke_html.yml 2020-10-18 15:23:44 +03:00
feedb 6b39f7bb6e Update win_mshta_invoke_html.yml 2020-10-18 15:19:58 +03:00
feedb ad11fc7b0e Update win_mshta_invoke_html.yml 2020-10-18 15:14:13 +03:00
feedb 5b35991cdd Update win_mshta_invoke_html.yml 2020-10-18 15:05:01 +03:00