Commit Graph

12001 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 7b662b7c3d feat: add new rules related to small sieve 2023-05-19 02:34:01 +02:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
phantinuss 06ec405ce7 fix: specify image and loaded image 2023-05-16 15:37:13 +02:00
phantinuss 9da42e4b52 fix: FP with CheckPoint SmartConsole 2023-05-16 09:38:53 +02:00
Mohamed Ashraf 37bba95e4a feat: new rule related to roboform dll sideloading (#4230) 2023-05-15 16:36:53 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Nasreddine Bencherchali e51b548938 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-12 10:33:05 +02:00
Nasreddine Bencherchali 2aa5b1be43 fix: move rule to correct folder 2023-05-11 21:38:39 +02:00
Nasreddine Bencherchali 77ba152b7f feat: more snake malware related rules 2023-05-11 19:54:11 +02:00
phantinuss c834b6dfcb Merge pull request #4225 from austinsonger/Okta_fastpass_phishing_detection
Create okta_fastpass_phishing_detection.yml
2023-05-10 09:31:02 +02:00
phantinuss 54dc2dcdb8 Merge pull request #4217 from m4nbat/NotionC2-detection-gk
Create net_connection_win_notion.yml
2023-05-10 08:30:15 +02:00
Austin Songer b72e7fc6eb Update rules/cloud/okta/okta_fastpass_phishing_detection.yml
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
2023-05-10 01:18:00 -05:00
Nasreddine Bencherchali 231c2eccab fix: filter names and title 2023-05-09 20:54:55 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules
feat: updates and new rules related to fin7
2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-09 16:04:24 +02:00
phantinuss b8c08bc8a8 Merge pull request #4222 from X-Junior/solidpdfcreator-dll-sideload-rule
feat: new rule related to possible solidpdfcreator.dll sideloading
2023-05-09 11:35:21 +02:00
phantinuss bdea78c18a Merge pull request #4227 from frack113/review_web_logsource
Review Web logsource
2023-05-09 11:33:29 +02:00
Gavin Knapp 2a2a4d9cd0 Merge branch 'SigmaHQ:master' into NotionC2-detection-gk 2023-05-09 09:20:59 +01:00
Nasreddine Bencherchali 91daec6d37 fix: single list element 2023-05-09 01:40:54 +02:00
Nasreddine Bencherchali 3767682f19 fix: metadata update 2023-05-09 01:38:28 +02:00
Micah Babinski 7906d999ab feat: add new rule for Potential Homoglyph Attack (#4223) 2023-05-09 01:35:52 +02:00
Nasreddine Bencherchali 7b3186d274 fix: small update 2023-05-09 01:33:13 +02:00
Austin Songer 3e9cfc3e7c Update okta_fastpass_phishing_detection.yml 2023-05-08 11:26:21 -05:00
Austin Songer 8dc803df95 Update okta_fastpass_phishing_detection.yml 2023-05-08 10:35:19 -05:00
frack113 c1a9712558 Review Web logsource 2023-05-08 11:04:16 +02:00
Austin Songer df04652768 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:16:54 -05:00
Austin Songer 616bf2a819 Update okta_fastpass_phishing_detection.yml 2023-05-07 20:06:23 -05:00
Austin Songer ce62346e4f Create okta_fastpass_phishing_detection.yml 2023-05-07 19:43:39 -05:00
Mohamed Ashraf (X__Junior) 0092ba7e47 Create image_load_side_load_solidpdfcreator.yml 2023-05-07 14:27:53 +03:00
Nasreddine Bencherchali f3104f748f Merge pull request #4211 from fukusuket/refactor-use-all-modifier-without-field-instead-of-all-of
chore: refactor use `'|all'` instead of using `all of` for a single selector.
2023-05-05 18:44:35 +02:00
Nasreddine Bencherchali 21f6554ccd Merge pull request #4221 from SigmaHQ/proc-expl-drv-drop
feat: new rules related to procexp and procmon drivers
2023-05-05 18:33:09 +02:00
Nasreddine Bencherchali 72d003ea24 feat: update author and selection 2023-05-05 18:25:07 +02:00
Nasreddine Bencherchali a9b5a3b3e8 feat: small fix and add procmon 2023-05-05 18:19:05 +02:00
Nasreddine Bencherchali f1cd74e303 feat: more updates 2023-05-05 17:52:47 +02:00
Florian Roth 92981d2671 New rule: process explorer driver drop 2023-05-05 13:58:14 +02:00
Florian Roth dee38387c5 more backstab hashes 2023-05-05 13:17:01 +02:00
Nasreddine Bencherchali bd0a9e2bae fix: missing modifier 2023-05-05 12:34:29 +02:00
Nasreddine Bencherchali 6f659d1c1a fix: fp found in testing 2023-05-05 12:24:54 +02:00
Florian Roth 91956f8058 Merge branch 'master' into rule-devel 2023-05-05 10:10:24 +02:00
Florian Roth efb99a12f2 Update create_stream_hash_hacktool_download.yml 2023-05-05 10:09:50 +02:00
Florian Roth 5d3dd08ab8 Backstab tool imphash 2023-05-05 09:55:08 +02:00
Nasreddine Bencherchali 24ed6be065 feat: updates and new rules related to fin7 2023-05-05 01:26:06 +02:00
Gavin Knapp 063bb57dfd Update net_connection_win_notion.yaml
Note to self: Leave commits until the morning when working late 🙃🤣.

Removed test user from install path.
2023-05-04 07:52:48 +01:00
Gavin Knapp c11b69b8f5 Rename net_connection_win_notion.yml to net_connection_win_notion.yaml
Corrected filename error
2023-05-04 01:50:25 +01:00
Gavin Knapp 401d71d9d3 Create net_connection_win_notion.yml
Created a rule to detect possible C2 comms using Notion SaaS as the C2 endpoint.
2023-05-03 23:29:26 +01:00
phantinuss ba3fbcf334 fix: remove erroneous whitespace 2023-05-03 15:53:14 +02:00
Gavin Knapp 859d30c50c feat: new rule net_connection_win_google_api_non_browser_access.yml (#4212) 2023-05-03 10:32:28 +02:00
Nasreddine Bencherchali f25a3c530c Merge pull request #4214 from nasbench/coldsteel-rules
feat: add new rules related to coldsteel
2023-05-03 10:16:35 +02:00
kidrek 239afc945d fix: update curl rules flags to use regex (#4213) 2023-05-03 10:16:01 +02:00