security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,084 Commits 1 Branch 57 Tags
f44eb6345cfc0fdf2e03301de121eeb680d4f724
Commit Graph

781 Commits

Author SHA1 Message Date
Jonhnathan f44eb6345c Update win_grabbing_sensitive_hives_via_reg.yml 2020-10-15 17:53:20 -03:00
Jonhnathan 61a2f105c2 Update win_exploit_cve_2020_10189.yml 2020-10-15 17:52:53 -03:00
Jonhnathan febe489c99 Update win_exploit_cve_2019_1388.yml 2020-10-15 17:52:40 -03:00
Jonhnathan d7b63b8245 Update win_exploit_cve_2019_1378.yml 2020-10-15 17:51:58 -03:00
Jonhnathan 2b8f770b90 Update win_exploit_cve_2017_8759.yml 2020-10-15 17:51:34 -03:00
Jonhnathan e5506f4de1 Update win_exploit_cve_2017_11882.yml 2020-10-15 17:51:20 -03:00
Jonhnathan e163bb18ef Update win_exploit_cve_2017_0261.yml 2020-10-15 17:51:09 -03:00
Jonhnathan 890e256305 Update win_exploit_cve_2015_1641.yml 2020-10-15 17:50:55 -03:00
Jonhnathan a3f59d6f03 Update win_dnscat2_powershell_implementation.yml 2020-10-15 17:49:36 -03:00
Jonhnathan 9f467f66e6 Update win_dns_exfiltration_tools_execution.yml 2020-10-15 17:49:18 -03:00
Jonhnathan 1f7f0956af Update win_crime_fireball.yml 2020-10-15 17:48:37 -03:00
Jonhnathan 9d2ae693fc Update win_control_panel_item.yml 2020-10-15 17:47:25 -03:00
Jonhnathan 1ea8adea31 Update win_cmdkey_recon.yml 2020-10-15 17:46:14 -03:00
Jonhnathan f995f9fa1d Update win_bypass_squiblytwo.yml 
Changed selection a bit
 2020-10-15 17:44:51 -03:00
Jonhnathan 63dc8ce837 Update win_attrib_hiding_files.yml 2020-10-15 17:41:44 -03:00
Jonhnathan afc52e5da5 Update win_apt_zxshell.yml 2020-10-15 17:40:07 -03:00
Jonhnathan ae95b5e998 Update win_apt_wocao.yml 2020-10-15 17:38:05 -03:00
Jonhnathan 5e3b9dc8ba Update win_apt_unidentified_nov_18.yml 2020-10-15 17:36:20 -03:00
Jonhnathan 126fc47101 Update win_apt_tropictrooper.yml 2020-10-15 17:35:41 -03:00
Jonhnathan 3b78c473c8 Update win_apt_slingshot.yml 2020-10-15 17:35:05 -03:00
Jonhnathan c547011499 Update win_apt_mustangpanda.yml 2020-10-15 17:33:44 -03:00
Jonhnathan 82fbfed2c2 Update win_apt_mustangpanda.yml 2020-10-15 17:33:02 -03:00
Jonhnathan a06114d611 Update win_apt_lazarus_session_highjack.yml 2020-10-15 17:31:50 -03:00
Jonhnathan 01bf24b4fc Update win_apt_judgement_panda_gtr19.yml 2020-10-15 17:31:09 -03:00
Jonhnathan 7f5c75ab3e Update win_apt_hurricane_panda.yml 2020-10-15 17:30:34 -03:00
Jonhnathan 0926d76449 Update win_apt_equationgroup_dll_u_load.yml 2020-10-15 17:29:44 -03:00
Jonhnathan 8b593aa309 Update win_apt_empiremonkey.yml 2020-10-15 17:29:19 -03:00
Jonhnathan 00232982b2 Update win_apt_emissarypanda_sep19.yml 2020-10-15 17:28:33 -03:00
Jonhnathan 54f1a0c583 Update win_apt_elise.yml 2020-10-15 17:28:07 -03:00
Jonhnathan d074ea110f Update win_apt_dragonfly.yml 2020-10-15 17:27:42 -03:00
Jonhnathan 5eac9e5161 Update win_apt_cloudhopper.yml 2020-10-15 17:27:27 -03:00
Jonhnathan 2cdead8778 Update win_apt_chafer_mar18.yml 2020-10-15 17:26:58 -03:00
Jonhnathan 96ef4733c3 Update win_apt_bluemashroom.yml 2020-10-15 17:25:17 -03:00
Jonhnathan ca31849be1 Update win_apt_bear_activity_gtr19.yml 2020-10-15 17:24:56 -03:00
Jonhnathan 10522becc3 Update win_apt_apt29_thinktanks.yml 2020-10-15 17:24:03 -03:00
Jonhnathan bc1efd9843 Update sysmon_logon_scripts_userinitmprlogonscript_proc.yml 2020-10-15 17:23:44 -03:00
Jonhnathan fdd9234acc Revert "Create win_susp_replace_lolbin.yml" 
This reverts commit e6a6549676.
 2020-10-15 14:57:18 -03:00
Jonhnathan 17e7eee3a6 Revert "Changed the rule to download only and not the copy" 
This reverts commit 1324bc1ad1.
 2020-10-15 14:57:14 -03:00
Jonhnathan 1324bc1ad1 Changed the rule to download only and not the copy 2020-10-07 16:18:21 -03:00
Jonhnathan e6a6549676 Create win_susp_replace_lolbin.yml 
Item 77 of #1014
 2020-10-07 10:37:15 -03:00
Florian Roth c17ca6d5fe Merge pull request #1018 from savvyspoon/wcry-dns 
WannaCry Killswitch domain DNS query
 2020-09-29 09:27:21 +02:00
Florian Roth d7d9c0e772 Merge pull request #1021 from hieuttmmo/master 
Sigma rule to detect AdFind.exe execution
 2020-09-27 09:50:41 +02:00
Florian Roth 8020fe3c40 false positive condition 2020-09-26 17:03:29 +02:00
Florian Roth 60795f7050 Update win_susp_adfind.yml 
Fear that a simple adfind.exe causes too many false positives
 2020-09-26 17:02:39 +02:00
Florian Roth dbdd758365 Duplicate Rule 
we already have a rule for that
 2020-09-26 17:01:32 +02:00
Tran Trung Hieu d4dd0600ad Fix logsource service to process_creation 2020-09-26 21:45:23 +07:00
Tran Trung Hieu c756fc8576 Detect Suspicious AdFind Execution 2020-09-26 21:34:06 +07:00
Mike Wade 7b1ef9ea64 fixing test runner issues 2020-09-15 15:45:33 -06:00
Mike Wade 6ed36b0e41 fixed issues with tabs and duplicate tags 2020-09-15 08:52:00 -06:00
Mike Wade da9b32bdd6 we 2020-09-15 06:24:44 -06:00