blue-team-tools

Author	SHA1	Message	Date
Nasreddine Bencherchali	eef461a5fc	Merge pull request #4326 from securepeacock/patch-49 feat: add new reference to iso mount rule	2023-06-23 10:04:05 +02:00
Nasreddine Bencherchali	ee725107c3	Merge pull request #4327 from securepeacock/patch-50 feat: add new reference to iso mount rule	2023-06-23 10:00:31 +02:00
Nasreddine Bencherchali	96b2219686	Merge pull request #4329 from securepeacock/patch-51 feat: add new reference to curl download rule	2023-06-23 09:58:50 +02:00
Nasreddine Bencherchali	2915eb55c2	Merge pull request #4330 from securepeacock/patch-52 feat: add new reference for adfind rule	2023-06-23 09:58:17 +02:00
Nasreddine Bencherchali	3a97d75882	Merge pull request #4331 from ryanplasma/fix_404_links fix: update reference to "Zero Networks" Blog	2023-06-23 09:57:25 +02:00
Ryan Plas	563f5ce090	Fix Zero Networks Blog 404s	2023-06-22 17:16:46 -04:00
securepeacock	01d3701982	Update proc_creation_win_pua_adfind_susp_usage.yml	2023-06-22 17:11:08 -04:00
securepeacock	f8d399f054	Update proc_creation_win_curl_susp_download.yml	2023-06-22 11:53:22 -04:00
securepeacock	bd184a9a3d	Update win_security_iso_mount.yml	2023-06-22 09:52:25 -04:00
securepeacock	59a673586c	Update file_event_win_iso_file_mount.yml	2023-06-22 09:51:44 -04:00
Nasreddine Bencherchali	683b63f818	Merge pull request #4322 from umairqamar/umairqamar-patch-1 feat: update rmm service rules	2023-06-22 01:28:42 +02:00
Nasreddine Bencherchali	7fb8daa039	feat: add missing modified & update order	2023-06-22 01:15:04 +02:00
Nasreddine Bencherchali	ff521495da	Merge pull request #4323 from securepeacock/patch-48 feat: add new reference to `proc_creation_win_lolbin_rundll32_installscreensaver.yml`	2023-06-21 22:43:25 +02:00
securepeacock	2b30b96f12	Update proc_creation_win_lolbin_rundll32_installscreensaver.yml	2023-06-21 13:11:09 -04:00
Nasreddine Bencherchali	46eacc3da3	Merge pull request #4321 from phantinuss/master fix: false positives + typos	2023-06-21 14:13:22 +02:00
Umair Qamar	a93d478dae	Update win_system_service_install_remote_access_software.yml Add TightVNC	2023-06-21 11:14:46 +01:00
phantinuss	6c4408ddff	chore: fix typo of lowercase Windows in description	2023-06-21 09:52:43 +02:00
phantinuss	6b2bf871c2	fix: false positives with missing Image field	2023-06-21 09:52:43 +02:00
Nasreddine Bencherchali	c04bef2fbb	Merge pull request #4320 from securepeacock/patch-47 feat: add new reference for `proc_creation_win_renamed_binary.yml`	2023-06-20 22:06:35 +02:00
securepeacock	fcaa435517	Update proc_creation_win_renamed_binary.yml	2023-06-20 14:30:05 -04:00
Nasreddine Bencherchali	62d4fd26b0	Merge pull request #4319 from frack113/add_tags chore: update tags for new rule types	2023-06-20 11:50:04 +02:00
Nasreddine Bencherchali	9f82e581a1	fix: apply suggestions from code review Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2023-06-20 11:26:41 +02:00
Nasreddine Bencherchali	21a87ddac2	fix: typo	2023-06-20 11:08:57 +02:00
$frack113$ frack113	8c5dba3740	Update tags Signed-off-by: frack113 <62423083+frack113@users.noreply.github.com>	2023-06-20 07:31:54 +02:00
Nasreddine Bencherchali	c05f864047	Merge pull request #4318 from nasbench/rules-updates-13-06-23 feat: add rules related to Barracuda ESG exploitation	2023-06-19 13:22:10 +02:00
phantinuss	3c57bd6b89	fix: id and wording	2023-06-19 13:03:40 +02:00
Nasreddine Bencherchali	44e0625360	fix: update rules for tests	2023-06-19 09:24:18 +02:00
Nasreddine Bencherchali	22628faaf0	feat: add rules related to Barracuda ESG exploitation	2023-06-18 22:14:57 +02:00
securepeacock	6312dd1d44	feat: update reference proc_creation_win_wmic_process_creation.yml (#4315 )	2023-06-16 10:24:50 +02:00
Nasreddine Bencherchali	e8407c39cc	Merge pull request #4312 from X-Junior/waveedit-dll-side-loading-rule	2023-06-15 11:18:50 +02:00
Florian Roth	93ebbcbb78	feat: typo fix and remote access software rule update (#4313 )	2023-06-15 11:18:20 +02:00
phantinuss	a5fc65e966	fix: wording	2023-06-15 09:14:33 +02:00
Nasreddine Bencherchali	a5528ac5c0	chore: update description	2023-06-14 19:48:43 +02:00
Mohamed Ashraf	ea47090c2d	Update image_load_side_load_waveedit.yml	2023-06-14 18:59:48 +03:00
Mohamed Ashraf (X__Junior)	df8d8240c8	Create image_load_side_load_waveedit.yml	2023-06-14 18:51:16 +03:00
Nasreddine Bencherchali	93881d6f87	Merge pull request #4311 from frack113/FP_lolbin fix: fp in proc_creation_win_lolbin_gpscript.yml	2023-06-14 15:45:18 +02:00
Nasreddine Bencherchali	917e5bee68	fix: update filter name	2023-06-14 15:35:33 +02:00
Nasreddine Bencherchali	6f21321b98	Merge pull request #4310 from nasbench/rules-updates-13-06-23 fix: fp found in testing	2023-06-14 12:27:25 +02:00
phantinuss	fdc780ea93	fix: typo	2023-06-14 12:12:57 +02:00
$frack113$ frack113	9ad36c796b	Fix svchost FP Signed-off-by: frack113 <magicfrancois@gmail.com>	2023-06-14 11:33:58 +02:00
Nasreddine Bencherchali	bb8f6bf762	fix: update whql rule	2023-06-14 10:02:51 +02:00
Nasreddine Bencherchali	89df2a6e95	feat: add rule related to CVE-2023-25157	2023-06-14 00:24:37 +02:00
Nasreddine Bencherchali	e39b85a3f4	fix: fp found in testing	2023-06-14 00:23:28 +02:00
Nasreddine Bencherchali	3d172914f6	Merge pull request #4307 from nasbench/rules-updates-13-06-23 chore: fix date field and add fp filter	2023-06-13 12:13:50 +02:00
Nasreddine Bencherchali	ccc4458dfc	chore: fix date field and add fp filter	2023-06-13 11:41:14 +02:00
Nasreddine Bencherchali	9c3e652693	Merge pull request #4301 from tr0mb1r/master feat: add new rules related to ClickOnce abuse	2023-06-13 11:29:25 +02:00
phantinuss	62ed3a7bcf	fix: wording	2023-06-13 08:58:49 +02:00
Nasreddine Bencherchali	7ecbf44bf6	feat: update clickonce rules	2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali	ac7902685f	Merge pull request #4305 from X-Junior/uncommen-child-processes-sndvol feat: new rule "Uncommon SndVol Child Process"	2023-06-12 10:25:09 +02:00
Florian Roth	79817eaa4d	feat: add rule related to potential exploitation of CVE-2023-2283 (#4303 )	2023-06-12 10:17:47 +02:00

1 2 3 4 5 ...

15545 Commits