security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
15,545 Commits 1 Branch 57 Tags
eef461a5fc6b218a41c302caa4dc8ea0ca8db75e
Commit Graph

431 Commits

Author SHA1 Message Date
phantinuss a5fc65e966 fix: wording 2023-06-15 09:14:33 +02:00
Nasreddine Bencherchali a5528ac5c0 chore: update description 2023-06-14 19:48:43 +02:00
Mohamed Ashraf ea47090c2d Update image_load_side_load_waveedit.yml 2023-06-14 18:59:48 +03:00
Mohamed Ashraf (X__Junior) df8d8240c8 Create image_load_side_load_waveedit.yml 2023-06-14 18:51:16 +03:00
Nasreddine Bencherchali 9c3e652693 Merge pull request #4301 from tr0mb1r/master 
feat: add new rules related to ClickOnce abuse
 2023-06-13 11:29:25 +02:00
Nasreddine Bencherchali 7ecbf44bf6 feat: update clickonce rules 2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali 6469462092 fix: fp found in testing 2023-06-12 00:41:36 +02:00
Nasreddine Bencherchali f963525e82 chore: update filters and metadata 2023-06-12 00:34:04 +02:00
Nasreddine Bencherchali a387b37a50 Rename image_load_side_load_RjvPlatform_2.yml to image_load_side_load_RjvPlatform_2.yml 2023-06-12 00:22:07 +02:00
Nasreddine Bencherchali 0a1fe0ebcd chore: rename file - remove space 2023-06-12 00:21:52 +02:00
Mohamed Ashraf dd95695a0f Update image_load_side_load_edputil.yml 2023-06-09 20:37:59 +03:00
Mohamed Ashraf (X__Junior) dce3b11669 multiple dll sideloading rules 2023-06-09 20:35:44 +03:00
tr0mb1r f0fd1930ba Update image_load_clickonce_unsigned_module_loaded.yml 2023-06-08 09:57:01 +04:00
tr0mb1r 47613199bd Update image_load_clickonce_unsigned_module_loaded.yml 2023-06-08 09:41:36 +04:00
tr0mb1r 4faa757e3c ClickOnce rule added 
Unsigned Module Loaded by ClickOnce Application added, based on the article:
https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5
 2023-06-08 09:24:42 +04:00
Nasreddine Bencherchali b11bd352bb Merge branch 'SigmaHQ:master' into rules-update-31-05-23 2023-06-02 15:50:33 +02:00
Mohamed Ashraf 9b2c23c4bf feat: add new rule for "SmadHook.dll" potential sideloading (#4282) 2023-06-02 10:58:42 +02:00
Nasreddine Bencherchali 0c75470412 chore: fix fp found in testing 2023-06-01 23:35:57 +02:00
Nasreddine Bencherchali 02526cd41b feat: more updates 2023-06-01 23:22:35 +02:00
Nasreddine Bencherchali 2453982499 feat: fix issues and fp filters 2023-05-31 17:10:24 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
Nasreddine Bencherchali 9d8b6def0a fix: typo in fp 2023-05-20 22:48:22 +02:00
Nasreddine Bencherchali e593068ab7 fix: fp with goopdate 2023-05-20 22:38:06 +02:00
Nasreddine Bencherchali 0ca45bf32c chore: update metadata and filter 2023-05-18 22:33:35 +02:00
Mohamed Ashraf (X__Junior) 1ea6e7390a Create image_load_side_load_wwlib.yml 2023-05-18 10:12:15 +03:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
phantinuss 06ec405ce7 fix: specify image and loaded image 2023-05-16 15:37:13 +02:00
phantinuss 9da42e4b52 fix: FP with CheckPoint SmartConsole 2023-05-16 09:38:53 +02:00
Mohamed Ashraf 37bba95e4a feat: new rule related to roboform dll sideloading (#4230) 2023-05-15 16:36:53 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules 
feat: updates and new rules related to fin7
 2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
 2023-05-09 16:04:24 +02:00
Nasreddine Bencherchali 7b3186d274 fix: small update 2023-05-09 01:33:13 +02:00
Mohamed Ashraf (X__Junior) 0092ba7e47 Create image_load_side_load_solidpdfcreator.yml 2023-05-07 14:27:53 +03:00
Nasreddine Bencherchali f1cd74e303 feat: more updates 2023-05-05 17:52:47 +02:00
phantinuss ba3fbcf334 fix: remove erroneous whitespace 2023-05-03 15:53:14 +02:00
Nasreddine Bencherchali b26f9a9793 chore: move more rules 2023-04-21 15:01:48 +02:00
Nasreddine Bencherchali b851734126 chore: move 3cx related rules 2023-04-21 15:00:35 +02:00
phantinuss 7f056da95b fix: FPs found in different environments 2023-04-20 09:48:47 +02:00
Nasreddine Bencherchali 4e7bb74d43 feat: update browsers selections and filters 2023-04-18 18:05:08 +02:00
phantinuss 6a7a0f0269 fix: typos/wording 2023-04-17 08:39:41 +02:00
Nasreddine Bencherchali 03fc33f93c fix: add space at the end 2023-04-17 02:31:02 +02:00
Mohamed Ashraf (X__Junior) 63fb8e4655 Create image_load_side_load_libvlc.yml 2023-04-17 02:27:57 +02:00
Nasreddine Bencherchali bb7aabb4b4 chore: author update 2023-04-12 16:11:58 +02:00
Nasreddine Bencherchali 3d9372bef3 feat: new rules, updates and fp fixes (#4136) 2023-04-03 12:06:14 +02:00
Nasreddine Bencherchali 5138fef3e5 feat: update 3cx compromise related rules (#4156) 2023-03-31 15:01:41 +02:00
frack113 7f18aaad6a Fix FP 2023-03-28 14:55:57 +02:00
frack113 2cd4b73c12 Fix FP 2023-03-28 14:42:15 +02:00
Mohamed Ashraf 4c3296ce7a feat: new rule related to possible iviewers.dll sideloading (#4131) 2023-03-22 17:54:02 +01:00
Nasreddine Bencherchali 83bcab5fd6 chore: increase level of some sideloading rules 2023-03-15 01:10:52 +01:00