Commit Graph

4747 Commits

Author SHA1 Message Date
Nasreddine Bencherchali 96b2219686 Merge pull request #4329 from securepeacock/patch-51
feat: add new reference to curl download rule
2023-06-23 09:58:50 +02:00
securepeacock 01d3701982 Update proc_creation_win_pua_adfind_susp_usage.yml 2023-06-22 17:11:08 -04:00
securepeacock f8d399f054 Update proc_creation_win_curl_susp_download.yml 2023-06-22 11:53:22 -04:00
securepeacock 2b30b96f12 Update proc_creation_win_lolbin_rundll32_installscreensaver.yml 2023-06-21 13:11:09 -04:00
phantinuss 6c4408ddff chore: fix typo of lowercase Windows in description 2023-06-21 09:52:43 +02:00
phantinuss 6b2bf871c2 fix: false positives with missing Image field 2023-06-21 09:52:43 +02:00
securepeacock fcaa435517 Update proc_creation_win_renamed_binary.yml 2023-06-20 14:30:05 -04:00
Nasreddine Bencherchali 22628faaf0 feat: add rules related to Barracuda ESG exploitation 2023-06-18 22:14:57 +02:00
securepeacock 6312dd1d44 feat: update reference proc_creation_win_wmic_process_creation.yml (#4315) 2023-06-16 10:24:50 +02:00
Nasreddine Bencherchali 917e5bee68 fix: update filter name 2023-06-14 15:35:33 +02:00
frack113 9ad36c796b Fix svchost FP
Signed-off-by: frack113 <magicfrancois@gmail.com>
2023-06-14 11:33:58 +02:00
Nasreddine Bencherchali 9c3e652693 Merge pull request #4301 from tr0mb1r/master
feat: add new rules related to ClickOnce abuse
2023-06-13 11:29:25 +02:00
Nasreddine Bencherchali 7ecbf44bf6 feat: update clickonce rules 2023-06-12 23:52:40 +02:00
Nasreddine Bencherchali 2b520f9415 chore: update description
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-06-12 10:15:23 +02:00
Nasreddine Bencherchali d634acec1a feat: update legit child 2023-06-12 00:23:04 +02:00
Mohamed Ashraf (X__Junior) 2b2c5c42ca Create proc_creation_win_sndvol_susp_child_processes.yml 2023-06-09 20:43:13 +03:00
Nasreddine Bencherchali b02e3b698a Merge pull request #4289 from branchnetconsulting/patch-1
feat: update logonscript rules
2023-06-09 12:23:14 +02:00
phantinuss f3567b72f7 fix: wording 2023-06-09 12:14:16 +02:00
Nasreddine Bencherchali 9be8e2296a feat: update logon script rules 2023-06-09 12:09:35 +02:00
Paul Hager 695e0bd5e3 fix: typo in 'related' field 2023-06-07 12:02:43 +02:00
phantinuss 630e1a4734 fix: exclude files that are marked for deletion 2023-06-07 10:24:51 +02:00
Kevin Branch b478f24985 Update proc_creation_win_persistence_userinitmprlogonscript.yml
When logging into Windows Core, userinit.exe normally calls PowerShell.exe without parameters to bring up a PowerShell window.
2023-06-05 12:57:52 -04:00
Nasreddine Bencherchali 715cc0589c Merge pull request #4232 from swachchhanda000/master
feat: extended coverage of existing defender tampering rules
2023-06-05 13:26:03 +02:00
phantinuss e407cfa1d6 fix: wording 2023-06-05 13:09:30 +02:00
Nasreddine Bencherchali 899c2ff23a chore: update defender rules 2023-06-05 11:50:43 +02:00
Nasreddine Bencherchali c5c61ac040 Merge pull request #4280 from nasbench/rules-update-31-05-23
feat: rule updates and issue fixes
2023-06-05 11:38:16 +02:00
Nasreddine Bencherchali 8a06af1364 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-06-05 10:54:18 +02:00
Florian Roth 382355c728 feat: add new rule "Renamed AutoIt Execution" (#4286) 2023-06-05 10:53:42 +02:00
Nasreddine Bencherchali 02526cd41b feat: more updates 2023-06-01 23:22:35 +02:00
Nasreddine Bencherchali 2453982499 feat: fix issues and fp filters 2023-05-31 17:10:24 +02:00
Nasreddine Bencherchali 1299b21561 feat: rule and tests update 2023-05-31 13:46:13 +02:00
frack113 924483d1cc Update proc_creation_win_googleupdate_susp_child_process.yml
Fix status
2023-05-30 19:18:23 +02:00
Nasreddine Bencherchali bcc0c9a9e0 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-30 11:17:52 +02:00
Nasreddine Bencherchali 50e0f58547 Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 18:37:52 +02:00
Nasreddine Bencherchali f8ca220ade Update proc_creation_win_regsvr32_susp_exec_path_2.yml 2023-05-26 17:26:50 +02:00
Nasreddine Bencherchali 574c63ea06 fix: fp found in testing 2023-05-26 16:34:06 +02:00
Nasreddine Bencherchali 00751c4c6d fix: issue to pass the tests 2023-05-26 16:10:46 +02:00
Nasreddine Bencherchali 547b8ffa71 feat: update more regsvr32 2023-05-26 15:59:30 +02:00
Nasreddine Bencherchali bf80eace81 feat: first batch update for regsvr32 2023-05-25 02:13:00 +02:00
cyb3rjy0t cd71edc09c feat: add/update rules related to odbcconf (#4228) 2023-05-23 14:08:56 +02:00
phantinuss 08861cb9dd fix: FPs in testing environment 2023-05-23 12:24:01 +02:00
phantinuss d7f3bf9736 fix: FP in prod env 2023-05-22 10:36:19 +02:00
frack113 b249536e3d Merge pull request #4236 from YamatoSecurity/update-Suspicious-Export-PfxCertificate
update "Suspicious Export-PfxCertificate" rule
2023-05-19 09:19:10 +02:00
Nasreddine Bencherchali a6e5a93e32 feat: update metadata and add process creation version 2023-05-18 23:45:48 +02:00
Nasreddine Bencherchali 62caac4708 feat: multiple updates and new rules (#4242) 2023-05-17 17:21:59 +02:00
BlueTeamOps 7b90c00a45 feat: add new rules related to cloudflared usage (#4243) 2023-05-17 17:21:23 +02:00
Nasreddine Bencherchali 0cb01970e7 feat: new rules, updates and goofy guineapig stuff (#4229) 2023-05-15 15:53:39 +02:00
Swachchhanda Shrawan Poudel d56c9d9006 Extended the coverage of existing defender tampering related rules 2023-05-10 21:23:47 +05:45
Nasreddine Bencherchali e0a2d52671 Merge pull request #4218 from nasbench/fin7-rules
feat: updates and new rules related to fin7
2023-05-09 16:14:26 +02:00
Nasreddine Bencherchali bbf1e54510 fix: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-05-09 16:04:24 +02:00