Commit Graph

10511 Commits

Author SHA1 Message Date
zinint 49f9b797a7 Update sysmon_xsl_script_processing.yml 2019-10-22 15:20:15 +03:00
zinint a8bd2c8e78 Update win_data_compressed.yml 2019-10-22 14:57:53 +03:00
zinint 74d1fef8b8 Update win_data_compressed.yml 2019-10-22 14:53:43 +03:00
zinint cc6d4b05ac OSCD Task 7 : ART T1002 Exfiltration With Rar - OSCD Task 7 : ART T1002 Compress Data for Exfiltration With Rar 2019-10-22 14:00:52 +03:00
gsanm 150afd816d IP Clean 2019-10-22 17:49:50 +07:00
Florian Roth b3654947bc rule: suspicious call by ordinal (rundll32) 2019-10-22 12:40:26 +02:00
Florian Roth 0f02f2bdfc rule: adjusted very noisy rule on AppLocker whitelist bypass 2019-10-22 12:32:37 +02:00
root 00a757959e add rule win_susp_capture_screenshots.yml 2019-10-22 06:06:07 +02:00
root 2bd9d8a9d8 add rule sysmon_webshell_creation_detect.yml 2019-10-22 05:56:37 +02:00
root fb53855ae5 add rule sysmon_webshell_creation_detect.yml 2019-10-22 05:50:49 +02:00
zinint daf1034621 Update win_possible_applocker_bypass.yml 2019-10-22 00:54:29 +03:00
zinint 789782ef59 Update sysmon_xsl_script_processing.yml 2019-10-22 00:08:46 +03:00
zinint 56f807cb44 Update sysmon_xsl_script_processing.yml 2019-10-22 00:06:54 +03:00
zinint 0d8eff0d86 Update sysmon_xsl_script_processing.yml 2019-10-22 00:06:10 +03:00
zinint a1d72f20c8 Update sysmon_xsl_script_processing.yml 2019-10-21 23:51:39 +03:00
zinint 5248f83fb3 Update sysmon_xsl_script_processing.yml 2019-10-21 23:46:11 +03:00
zinint a685c9c3be Update sysmon_xsl_script_processing.yml 2019-10-21 23:39:33 +03:00
zinint 784d7138ca OSCD Task 7 ART T1220 - OSCD Task 7 ART T1220 rule add 2019-10-21 22:22:55 +03:00
Florian Roth 3bd3e724f1 Merge pull request #473 from joesecurity/patch-3 - Update README.md 2019-10-21 13:34:41 +02:00
Florian Roth 439045a87b Reordered projects 2019-10-21 13:34:30 +02:00
Florian Roth 4e7ad5c948 rule: added date to crypto miner rule 2019-10-21 13:24:33 +02:00
Florian Roth e8963b2599 rule: crypto miner user agents in proxy logs 2019-10-21 13:21:50 +02:00
Joe Security b815b15255 Update README.md - Added Joe Sandbox to list of supported Projects or Products. 2019-10-21 13:13:49 +02:00
Florian Roth c8b5b91815 Merge pull request #471 from a2tf/rule_change_proxy_uri_to_url - rule: changed two proxy rules from uri-query to url 2019-10-21 12:52:36 +02:00
Thomas Patzke 8a545b973b Sigmatools release 0.13 0.13 2019-10-21 11:58:26 +02:00
root e47caf4749 add rule lnx_auditd_web_rce.yml 2019-10-21 11:54:21 +02:00
root a499141483 modified rule lnx_auditd_web_rce.yml 2019-10-21 11:28:59 +02:00
Florian Roth 9457f01c29 Update proxy_ios_implant.yml 2019-10-21 11:20:11 +02:00
Florian Roth f8d8eb7948 Update proxy_chafer_malware.yml 2019-10-21 11:19:59 +02:00
root ac8308dfc9 add rule lnx_auditd_web_rce.yml 2019-10-21 11:14:24 +02:00
Florian Roth 454ba2b576 rule: modified sudo vuln rule to be most generic 2019-10-20 14:02:10 +02:00
Florian Roth 08ff2f38bc Revert "rule: modified sudo vuln rule to be most generic" - This reverts commit ef6a25d109. 2019-10-20 14:01:14 +02:00
Florian Roth ef6a25d109 rule: modified sudo vuln rule to be most generic 2019-10-20 10:37:05 +02:00
Florian Roth bd93425639 Added Sumologic to list 2019-10-19 10:11:28 +02:00
a2tf a2753ba5a6 rule: changed two proxy rules from uri-query to url 2019-10-18 14:15:39 +00:00
lep 1c5816b214 update carbonblack module 2019-10-18 17:51:31 +07:00
lep 7219e0b0f1 module carbonblack 2019-10-18 14:04:38 +07:00
Thomas Patzke fc276612b6 Added encoding modifiers 2019-10-16 23:52:06 +02:00
Thomas Patzke 522f021ef1 Merge pull request #461 from Galapag0s/patch-2 - Added Additional history clearing options 2019-10-16 22:35:41 +02:00
Thomas Patzke 02d193c518 Merge pull request #470 from stevengoossensB/master - Mapping the fields in the select statement according to the configuration file 2019-10-16 22:34:28 +02:00
Florian Roth deb3ecf404 fix: relevant fields in lsass dll load rule 2019-10-16 19:09:20 +02:00
Steven Goossens 5f7813f71e Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 16:38:59 +02:00
Steven Goossens 6a1a96a918 Implement mapping when selecting the fields for the AQL query. This was not being done correctly 2019-10-16 16:37:09 +02:00
Florian Roth ab292a4029 rule: simplified Emotet rule 2019-10-16 15:29:42 +02:00
Florian Roth 36f678930d rule: updated sudo vuln rule to detect 0-padding part 2 - https://twitter.com/joshbressers/status/1184455759620378627 2019-10-16 15:10:44 +02:00
Florian Roth 5374d18e4b rule: updated sudo vuln rule to detect 0-padding - https://twitter.com/taviso/status/1184238670343065600 2019-10-16 15:03:28 +02:00
Florian Roth c396526f40 rule: LSASS DLL load via undocumented Registry key - https://twitter.com/SBousseaden/status/1183745981189427200 2019-10-16 13:18:44 +02:00
Florian Roth 5d143f4f22 rule: emotet rule references extended 2019-10-16 13:18:44 +02:00
Thomas Patzke 8c8ac52b57 Merge pull request #469 from stevengoossensB/master - Added the cleanValue function for Qradar 2019-10-16 11:24:57 +02:00
Steven Goossens c6e0e10613 Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 11:06:53 +02:00