security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,469 Commits 1 Branch 57 Tags
ecaf89dd91ff34bb36d1ff5af634622d2e1e5d55
Commit Graph

321 Commits

Author SHA1 Message Date
Nasreddine Bencherchali ecaf89dd91 fix: fp with powercat 2023-01-21 18:15:37 +01:00
Nasreddine Bencherchali dfdc232f55 fix: optimize "Invoke-Sharp" coverage 2023-01-21 12:28:08 +01:00
Nasreddine Bencherchali ea536c33b3 feat: update and merge some pwsh rules 2023-01-20 17:07:23 +01:00
Nasreddine Bencherchali e213252c4c feat: logic update to multiple rules 2023-01-19 16:37:10 +01:00
Nasreddine Bencherchali ff9844b8d7 fix: fp and broken field name 2023-01-18 10:47:40 +01:00
Nasreddine Bencherchali f3171177d8 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2023-01-18 10:24:04 +01:00
Nasreddine Bencherchali 459ba25cce Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel 2023-01-17 01:01:38 +01:00
Nasreddine Bencherchali 85fb255bc9 feat: new rules and updates 2023-01-17 01:00:44 +01:00
Nasreddine Bencherchali 3d77511102 fix: improve fp description slightly 2023-01-16 16:30:08 +01:00
phantinuss 99c5c46397 fix: FP found in testing 2023-01-16 15:38:52 +01:00
Tim Shelton 09b3e43afc Removing filter specification in condition 2023-01-12 16:21:58 +00:00
redsand (Tim Shelton) 3007d98844 Merge branch 'SigmaHQ:master' into fp_library_alias_and_use_of_alias 2023-01-12 10:19:47 -06:00
redsand (Tim Shelton) 88308b713c Update rules/windows/powershell/powershell_script/posh_ps_tamper_defender.yml 
whatever you guys want, im good with. i like @neo23x0 suggestion

Co-authored-by: Florian Roth <venom14@gmail.com>
 2023-01-12 10:14:14 -06:00
Nasreddine Bencherchali b6b1eba014 fix: fp and add related fields 2023-01-11 23:39:15 +01:00
Nasreddine Bencherchali 28a3413aa7 feat: updates and enhancements 2023-01-11 01:03:52 +01:00
Nasreddine Bencherchali 81f75c1d2e feat: updates and enhancements 2023-01-10 00:13:37 +01:00
Florian Roth bcce3a85aa Merge branch 'master' into rule-devel 2023-01-09 09:56:21 +01:00
Florian Roth 0a9be5922c fix: shortened author list to make it fit in VARCHAR(255) DB fields 2023-01-09 09:47:26 +01:00
frack113 7f653db16c Apply suggestions from code review 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2023-01-08 14:45:39 +01:00
frack113 2cf8529657 Add posh_ps_susp_set_alias 2023-01-08 09:55:27 +01:00
Nasreddine Bencherchali 7e73028c5e feat: updates and enhancements 2023-01-06 16:35:34 +01:00
Tim Shelton 79b3c384ef FP: import and use of Get-MpComputerStatus and use of aliases not being monitored 2023-01-06 14:04:35 +00:00
Nasreddine Bencherchali fb9caa875c fix: other typos 2023-01-04 17:53:24 +01:00
Nasreddine Bencherchali 711ba956e3 feat: updates and enhancements 2023-01-04 17:49:32 +01:00
Nasreddine Bencherchali f5aeffa83a Merge pull request #3863 from redsand/fp_aws_worker_posh_ps_susp 
FP: call of window style hidden is embedded in AWS code.
 2023-01-04 00:49:03 +01:00
Nasreddine Bencherchali 4d6aec82a6 fix: enhance fp filter 2023-01-04 00:43:40 +01:00
Tim Shelton 705782ee9b FP: call of window style hidden is embedded in AWS code. 2023-01-03 20:52:10 +00:00
Nasreddine Bencherchali d1fcf96d7d fix: update modified field 2023-01-03 17:47:15 +01:00
Tim (Bobby-Tablez) Peck 0bf6645387 Update posh_ps_susp_invocation_generic.yml 2023-01-03 09:35:36 -07:00
Nasreddine Bencherchali a6ff066baa fix: unused filter 2023-01-03 00:32:02 +01:00
Florian Roth 2b04ae2e35 Merge branch 'master' into aurora-false-positive-fixing 2023-01-03 00:17:11 +01:00
Florian Roth fefaa57d3c fix: FPs noticed in CI testing 2023-01-03 00:16:32 +01:00
Nasreddine Bencherchali 3749416a30 Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2023-01-02 14:50:27 +01:00
Nasreddine Bencherchali a99b5082e1 feat: updates and enhancements 2023-01-02 14:49:45 +01:00
fukusuket 9298295c15 fix: remove invalid backslash escape 2022-12-31 21:35:07 +09:00
Nasreddine Bencherchali 261bb8758a Merge branch 'SigmaHQ:master' into nasbench-rule-devel 2022-12-30 11:49:08 +01:00
frack113 aee5ca7afc Fix invalid field cast or name (#3841) 2022-12-30 11:46:21 +01:00
Nasreddine Bencherchali c6fd915619 feat: updates and enhancements 2022-12-30 00:56:40 +01:00
fukusuket 42ab7c0484 fix regex escape 2022-12-30 00:11:52 +09:00
frack113 b3ec85b25b Merge pull request #3826 from nasbench/fix-old-sigma-link 
fix: rename links from old repo to SigmaHQ
 2022-12-28 11:11:04 +01:00
Nasreddine Bencherchali a25027fef8 fix: rename links from old repo to SigmaHQ 2022-12-27 21:05:16 +01:00
frack113 0392f92a0d PowerShell Token Obfuscation (#3825) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 20:03:05 +01:00
frack113 8a6f66b120 Rules for Issue 575 (#3820) 
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 15:17:45 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
frack113 271460062e Merge pull request #3815 from nasbench/aadinternals-rules 
feat: new aadinternals related rules
 2022-12-23 20:20:07 +01:00
Nasreddine Bencherchali b19abdaeda fix: date position 2022-12-23 20:02:54 +01:00
Nasreddine Bencherchali 1f38e15bb4 fix: fp section 2022-12-23 19:24:08 +01:00
Nasreddine Bencherchali 28664d5bb3 feat: new aadinternals related rules 2022-12-23 19:16:17 +01:00
Nasreddine Bencherchali 0aa6f26a6f feat: updates and enhancements 2022-12-23 18:37:59 +01:00
frack113 df015e555c Add more ref 2022-12-23 13:22:50 +01:00