security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,376 Commits 1 Branch 57 Tags
ec2c559365013f02c19f098eb770ec2b61823c23
Commit Graph

171 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Nasreddine Bencherchali e51b548938 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-12 10:33:05 +02:00
Nasreddine Bencherchali 77ba152b7f feat: more snake malware related rules 2023-05-11 19:54:11 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules 
feat: updates and new rules related to fin7
 2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-09 16:04:24 +02:00
Micah Babinski 7906d999ab feat: add new rule for Potential Homoglyph Attack (#4223) 2023-05-09 01:35:52 +02:00
Nasreddine Bencherchali a9b5a3b3e8 feat: small fix and add procmon 2023-05-05 18:19:05 +02:00
Nasreddine Bencherchali f1cd74e303 feat: more updates 2023-05-05 17:52:47 +02:00
Florian Roth 92981d2671 New rule: process explorer driver drop 2023-05-05 13:58:14 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali 95edf4c9d6 Merge pull request #4177 from pH-T/master 
feat: new hktl related rules and pwsh cmdlet updates
 2023-04-21 11:24:57 +02:00
Nasreddine Bencherchali aa22c02039 chore: order list 2023-04-21 11:14:55 +02:00
Florian Roth 220916f59c Merge pull request #4178 from nasbench/nash-rule-dev 
feat: new rules and updates
 2023-04-19 16:39:45 +02:00
Nasreddine Bencherchali e95aaa1e5d fix: small updates 2023-04-19 12:38:38 +02:00
Nasreddine Bencherchali 61c8364c20 feat: add rules related to rogue rdp 2023-04-18 22:13:30 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
Tess 107629758d remove duplicate reference urls 2023-04-18 11:03:07 -04:00
Paul Hager 0420e9c3bb feat: various new hktl rules 2023-04-17 12:08:30 +02:00
Nasreddine Bencherchali 2710bf4710 feat: new rules, updates and fp fixes (#4162) 2023-04-11 13:04:22 +02:00
Nasreddine Bencherchali 3d9372bef3 feat: new rules, updates and fp fixes (#4136) 2023-04-03 12:06:14 +02:00
frack113 e3103e8d02 Add office filter 2023-03-29 06:42:21 +02:00
frack113 ed914a3cac Fix FP 2023-03-28 16:27:37 +02:00
phantinuss afcbc08c85 fix: FP found in testing 2023-03-23 10:52:08 +01:00
frack113 9ce7f083ef feat: new rule Potential Binary Or Script Dropper Via PowerShell.EXE (#4116) 2023-03-17 12:56:02 +01:00
Nasreddine Bencherchali d36f7e9819 fix: fp found in testing 2023-03-14 23:58:04 +01:00
Nasreddine Bencherchali f23780de6f feat: update and fixes 2023-03-09 22:10:42 +01:00
Nasreddine Bencherchali cfea7a7bcc fix: apply 2nd batch of suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-03-01 18:45:26 +01:00
Nasreddine Bencherchali 7da6ac6654 fix: apply typo fix suggestions from code review 
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
 2023-02-28 16:55:40 +01:00
Nasreddine Bencherchali 137dcbcc50 feat: more updates and fixes 2023-02-28 15:22:25 +01:00
Nasreddine Bencherchali 60c0b5fdd0 fix: remove pptx:zone 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-02-24 16:36:14 +01:00
Nasreddine Bencherchali 41e6b17610 fix: remove pptx extension 2023-02-24 13:34:49 +01:00
Nasreddine Bencherchali 80c0c5b391 fix: apply rewording suggestion 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-24 13:33:08 +01:00
Nasreddine Bencherchali 47de3e1857 fix: remove pwsh+cmd 2023-02-24 13:32:43 +01:00
Nasreddine Bencherchali af84545616 fix: fp found in baseline 2023-02-23 13:39:17 +01:00
Nasreddine Bencherchali 75281c8c20 fix: typo in modifier name 2023-02-23 13:30:31 +01:00
Nasreddine Bencherchali c37df2fa83 fix: remove incorrect field 2023-02-23 13:19:21 +01:00
Nasreddine Bencherchali d799ad9982 fix: revert change to rule 2023-02-23 12:55:46 +01:00
Nasreddine Bencherchali 078e3ab500 feat: updates and fixes 2023-02-23 12:49:44 +01:00
Wagga 2d283ff885 Update and rename file_event_win_apt_cozy_bear_phishing_campaing_indicators.yml to file_event_win_apt_cozy_bear_phishing_campaign_indicators.yml 2023-02-20 14:10:03 +01:00
Nasreddine Bencherchali f0afc4cce6 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-02-20 12:06:37 +01:00
Nasreddine Bencherchali 6a0b38291f fix: fp found in baseline 2023-02-17 23:16:42 +01:00
Nasreddine Bencherchali 1dba328ddc fix: add missing modified 2023-02-17 22:52:09 +01:00
Nasreddine Bencherchali 68c052aab7 feat: updates and fixes 2023-02-17 17:51:44 +01:00
Nasreddine Bencherchali c56f7932e0 Merge pull request #4041 from nasbench/wmic-rules-updates 
feat: wmic rules update + other fixes
 2023-02-16 11:38:16 +01:00
Nasreddine Bencherchali 151171848a Merge pull request #4038 from nasbench/nasbench-rule-devel 
feat: updates and enhancements
 2023-02-16 11:30:15 +01:00
Nasreddine Bencherchali 7ec76db26c Merge branch 'master' into wmic-rules-updates 2023-02-15 19:58:11 +01:00
Nasreddine Bencherchali 39e957d7ee fix: update title 2023-02-15 19:11:39 +01:00
Nasreddine Bencherchali 33207aa7ab fix: change link to permalink 2023-02-15 13:37:05 +01:00
Nasreddine Bencherchali 2fd43cbe82 fix: typo in field 2023-02-15 13:27:56 +01:00