Commit Graph

10511 Commits

Author SHA1 Message Date
svch0stz a7442328eb Create powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:44:05 +11:00
svch0stz 3dafef411f Delete powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:42:25 +11:00
svch0stz db9813d13c Update win_susp_mounted_share_deletion.yml 2020-10-07 17:40:09 +11:00
svch0stz 097bed80ae Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:36:20 +11:00
svch0stz dabc092ab9 Create win_susp_mounted_share_deletion.yml 2020-10-07 17:34:48 +11:00
svch0stz 5c2ef0dd35 Update powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:33:12 +11:00
JPMinty c878d55ac0 Add oscd.community author 2020-10-07 16:59:18 +10:30
svch0stz d7acbb369e Created powershell_suspicious_mounted_share_deletion.yml 2020-10-07 17:22:09 +11:00
Thomas Patzke 986c80e593 Added oscd branch to CI 2020-10-07 08:20:26 +02:00
Vasilisa-L 5d01f71f62 CommandLine|contains -> CommandLine|contains|all: replaced wildcard expression with list of values 2020-10-07 08:43:22 +03:00
Ryan Plas dbb76b5856 Add Usage of reg or Powershell by Non-privileged Users rule 2020-10-06 22:01:18 -04:00
grikos 49119e162f Delete win_susp_rundll32_setupapi_installhinfsection.yml 2020-10-07 01:04:59 +03:00
grikos a5478950c7 Create win_susp_rundll32_setupapi_installhinfsection.yml 2020-10-07 00:34:00 +03:00
svch0stz e68e212d23 Update win_susp_logon_explicit_credentials.yml 2020-10-07 08:26:43 +11:00
svch0stz ca0f2146ab Update win_net_use_admin_share.yml 2020-10-07 08:23:31 +11:00
grikos 9d9f0bc373 Create win_susp_rundll32_setupapi_installhinfsection.yml 2020-10-07 00:18:41 +03:00
svch0stz 3d048ceba0 Update win_susp_copy_lateral_movement.yml 2020-10-07 08:18:09 +11:00
svch0stz ee2c79745f Update win_susp_wsl_lolbin.yml 2020-10-07 08:12:51 +11:00
Ömer Günal 8ea054ff0b Update at_command.yml 2020-10-07 00:07:30 +03:00
Ömer Günal b0b72de94d Create lnx_process_discovery.yml 2020-10-06 23:52:06 +03:00
Ömer Günal 7b39e76192 Create at_command.yml 2020-10-06 23:48:25 +03:00
grikos 3a8f3f8270 Merge branch 'sigma/oscd' of https://github.com/grikos/sigma into sigma/oscd 2020-10-06 22:31:49 +03:00
Nikita P. Nazarov 0ad9fc61de Detecting Code injection with PowerShell in another process 2020-10-06 20:52:18 +03:00
Ensar Şamil 944a110749 Delete sysmon_tttracer_mod_load.yml 2020-10-06 20:42:32 +03:00
ensar-pcs 4c5d692328 [OSCD] sysmon_tttracer_mod_load.yml added 2020-10-06 20:30:56 +03:00
Nikita P. Nazarov c90d99c0f9 Accessing WinAPI in PowerShell 2020-10-06 19:57:57 +03:00
grikos 6e02e6ac19 Change title and update description 2020-10-06 19:52:31 +03:00
Furkan CALISKAN bbb9fed3e6 Fixed for FP issues 2020-10-06 19:51:55 +03:00
ensar-pcs 60b3450fa8 [OSCD] win_syncappvpublishingserver_exe.yml added 2020-10-06 19:22:16 +03:00
Furkan CALISKAN 0023a22ead Added FP conditions and fileshare part for cmdline 2020-10-06 19:20:19 +03:00
Furkan CALISKAN a5ceba93a9 Fixed conditions 2020-10-06 19:15:30 +03:00
Furkan CALISKAN 52edc13d15 Fixed dates 2020-10-06 19:10:33 +03:00
vh 51df5ad876 Added: Sumo Logic CSE Rule Backend. Updated: mapping dependence on logsource; Azure Sentinel Query Backend; MDATP: query with few logsources; CROWDSTRIKE: fix generateMapItemTypedNode 2020-10-06 15:07:52 +03:00
grikos 79503c63dd fixed typo in att&ck mapping tag 2020-10-06 12:22:19 +03:00
grikos b93e64cd96 Update title according to the guideline 2020-10-06 11:59:20 +03:00
grikos 2638e2a80e newline at the end of file 2020-10-06 10:35:12 +03:00
grikos 6c89ad17a7 newline at the end of file 2020-10-06 10:25:06 +03:00
grikos cd4ce37e28 Create win_susp_vboxdrvInst.yml 2020-10-06 10:24:30 +03:00
grikos 6ae36993d9 Create win_susp_vboxdrvInst.yml 2020-10-06 10:18:34 +03:00
Ömer Günal 759268108f rename filename 2020-10-06 09:04:36 +03:00
Vasilisa-L 5b31b8755d Update win_susp_pcwutl.yml 2020-10-06 08:55:01 +03:00
Vasiliy Burov 3f1d44e751 Update win_hack_hydra.yml 2020-10-05 23:52:55 +03:00
Vasiliy Burov f38738e530 Update win_hack_hydra.yml 2020-10-05 23:34:30 +03:00
Furkan CALISKAN ea6d60c58f Added print lolbin 2020-10-05 23:26:57 +03:00
Vasiliy Burov f6ec8673da Update win_hack_hydra.yml 2020-10-05 23:24:59 +03:00
Vasiliy Burov 6a01193661 Update win_hack_hydra.yml 2020-10-05 23:24:08 +03:00
Vasiliy Burov df704ba4fb Create win_hack_hydra.yml 2020-10-05 23:05:27 +03:00
Furkan CALISKAN db4804d6bf Merge branch 'master' of https://github.com/caliskanfurkan/sigma 2020-10-05 23:03:21 +03:00
Furkan CALISKAN 4d655138b2 Added findstr lolbin 2020-10-05 23:03:05 +03:00
Ömer Günal 0e7eb32f62 update description 2020-10-05 20:22:43 +03:00