Commit Graph

10511 Commits

Author SHA1 Message Date
invrep-de 2672b10808 Some minor restructuring to incorporate the feedback from the oscd team; 2020-10-14 15:37:15 -04:00
uchakin a7e5b0ac40 Some fixes for rules 2020-10-14 19:06:59 +03:00
S.kiran kumar 235e65b954 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 20:14:10 +05:30
S.kiran kumar 20a54d86b1 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 19:49:39 +05:30
omkargudhate22 2e2b2c2393 removed backslash 2020-10-14 19:44:31 +05:30
Vasilisa-L d0b2c021ce attack.t1059.001 try 2 2020-10-14 16:57:58 +03:00
Ivan Dyachkov 24eb0b92be commented tags 2020-10-14 16:56:52 +03:00
Ivan Dyachkov f005a74c49 commented tags 2020-10-14 16:56:10 +03:00
Ivan Dyachkov f2f7216378 commented tags 2020-10-14 16:32:24 +03:00
Ivan Dyachkov a8d5ddd93d commented tags 2020-10-14 16:31:00 +03:00
Vasilisa-L b1aa50ebcd T1059.001 added 2020-10-14 16:27:46 +03:00
omkargudhate22 2e52cb7f86 Update sysmon_susp_script_dotnet_clr_dll_load.yml 2020-10-14 18:47:25 +05:30
Ivan Dyachkov d58d55668f fixed tags 2020-10-14 16:00:50 +03:00
Ivan Dyachkov e50306f549 edited 2020-10-14 16:00:08 +03:00
Ivan Dyachkov b24bec6c6c delete diskshadow 2020-10-14 15:55:24 +03:00
Ivan Dyachkov 3f932e4252 #1014 2020-10-14 15:51:32 +03:00
omkargudhate22 23098d042c Update sysmon_susp_clr_logs.yml 2020-10-14 18:11:49 +05:30
omkargudhate22 75ee2e0f47 Update sysmon_susp_clr_logs.yml 2020-10-14 18:10:42 +05:30
omkargudhate22 f123a51d42 contains all condition 2020-10-14 17:34:01 +05:30
omkargudhate22 8e792f95ab removed regex 2020-10-14 17:31:38 +05:30
omkargudhate22 90725564c6 separated & changed conditions 2020-10-14 17:29:45 +05:30
Ivan Dyachkov fa55803545 fixed spaces and tabs 2020-10-14 13:33:27 +03:00
uncleP@sk 947fa79dd3 vsjitdebugger detection added 2020-10-14 13:29:25 +03:00
Ivan Dyachkov 22d5acde10 New rule 2020-10-14 13:28:41 +03:00
uncleP@sk 8fdca7853c te.exe LOLbin detection 2020-10-14 13:02:45 +03:00
Ivan Dyachkov cf9b040600 fixed description, tags 2020-10-14 12:08:22 +03:00
Demyan Sokolin ffaad3a124 retrigger checks 2020-10-14 12:01:33 +03:00
S.kiran kumar 0d25660624 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 14:13:20 +05:30
Alejandro Ortuno 2ef52dbfd8 Initial Sigma Rule 2020-10-14 10:24:59 +02:00
Alejandro Ortuno bf8426d71b Initial commit of sigma rule 2020-10-14 10:14:00 +02:00
S.kiran kumar 2fa7ae2c1c Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 13:04:49 +05:30
Ivan Dyachkov c0e70106fa Fixed att&ck, deleted commandline key "exec" (does not work without interactive mode, so no commandline appears) 2020-10-14 10:15:06 +03:00
uncleP@sk 196debf0ad description + author fields fixed 2020-10-14 10:12:34 +03:00
uncleP@sk 2f06c30760 empty line + authors fixed 2020-10-14 10:06:34 +03:00
Alejandro Ortuno 75a05db446 Add slash to bypass testing 2020-10-14 08:50:15 +02:00
remotephone@gmail.com 8e7fbbd147 fixing UUID and description 2020-10-14 00:54:51 -05:00
remotephone@gmail.com ed22c8e0fe adding macos screencapture rule 2020-10-14 00:51:55 -05:00
remotephone@gmail.com 8bbde90328 adding line at end of file 2020-10-14 00:05:28 -05:00
remotephone@gmail.com 3cddb86b70 updating tags 2020-10-14 00:01:30 -05:00
remotephone@gmail.com 7343936653 adding gui input capture, first iteration 2020-10-13 23:59:53 -05:00
S.kiran kumar 6b25378a61 Removed * operator 2020-10-14 10:07:16 +05:30
S.kiran kumar 4fa6ca01ef Changed category. 2020-10-14 10:05:41 +05:30
remotephone@gmail.com df20d2a5d2 adding new line at end of file 2020-10-13 22:44:02 -05:00
remotephone@gmail.com 7e002fcb5f updating selections to make query more efficient and less prone to evasion 2020-10-13 22:17:26 -05:00
remotephone@gmail.com 56952ecdd4 updating to select commandline arguments correctly for macos rule, and cleaning up description across both rules 2020-10-13 22:09:37 -05:00
Jonhnathan 043033c1b7 Update win_etw_trace_evasion.yml 2020-10-13 22:59:06 -03:00
Jonhnathan ac1a6927ad Update win_etw_trace_evasion.yml 2020-10-13 22:55:13 -03:00
Jonhnathan e3446b873a Correct duplicated selection 2020-10-13 22:54:30 -03:00
Jonhnathan b1c9871b74 Add Additional detections for other techniques 2020-10-13 22:51:48 -03:00
tas_kmanager 7916ae0517 Changed the category to process_creation 2020-10-13 20:58:00 -04:00