security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,016 Commits 1 Branch 57 Tags
f4928e95bc059fcefa2babf0da780d645fc6fbea
Commit Graph

2016 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Florian Roth f4928e95bc Update powershell_suspicious_profile_create.yml 2020-04-03 09:36:17 +02:00
hieuttmmo 0c07c5ea16 convention 2019-10-25 11:00:05 +07:00
hieuttmmo e86ab608f2 Update powershell_suspicious_profile_create.yml 2019-10-25 10:53:21 +07:00
hieuttmmo edb698c7f7 Update powershell_suspicious_profile_create.yml 2019-10-25 00:28:11 +07:00
hieuttmmo 73b10807d8 Rename powershell_susp_profile_create.yml to powershell_suspicious_profile_create.yml 2019-10-25 00:14:39 +07:00
hieuttmmo 0e4cd397ef Create new rules for T1502 2019-10-25 00:14:21 +07:00
Florian Roth a5ec6722a1 rule: the actual changes to hwp rule 2019-10-24 15:35:13 +02:00
Florian Roth 86c1b4ae4b rule: hwp exploits 2019-10-24 11:46:56 +02:00
Florian Roth 3d4ce9d175 rule: another reference link for 'execution by ordinal' 2019-10-22 15:18:19 +02:00
Florian Roth b3654947bc rule: suspicious call by ordinal (rundll32) 2019-10-22 12:40:26 +02:00
Florian Roth 0f02f2bdfc rule: adjusted very noisy rule on AppLocker whitelist bypass 2019-10-22 12:32:37 +02:00
Florian Roth 3bd3e724f1 Merge pull request #473 from joesecurity/patch-3 
Update README.md
 2019-10-21 13:34:41 +02:00
Florian Roth 439045a87b Reordered projects 2019-10-21 13:34:30 +02:00
Florian Roth 4e7ad5c948 rule: added date to crypto miner rule 2019-10-21 13:24:33 +02:00
Florian Roth e8963b2599 rule: crypto miner user agents in proxy logs 2019-10-21 13:21:50 +02:00
Joe Security b815b15255 Update README.md 
Added Joe Sandbox to list of supported Projects or Products.
 2019-10-21 13:13:49 +02:00
Florian Roth c8b5b91815 Merge pull request #471 from a2tf/rule_change_proxy_uri_to_url 
rule: changed two proxy rules from uri-query to url
 2019-10-21 12:52:36 +02:00
Thomas Patzke 8a545b973b Sigmatools release 0.13 0.13 2019-10-21 11:58:26 +02:00
Florian Roth 9457f01c29 Update proxy_ios_implant.yml 2019-10-21 11:20:11 +02:00
Florian Roth f8d8eb7948 Update proxy_chafer_malware.yml 2019-10-21 11:19:59 +02:00
Florian Roth 454ba2b576 rule: modified sudo vuln rule to be most generic 2019-10-20 14:02:10 +02:00
Florian Roth 08ff2f38bc Revert "rule: modified sudo vuln rule to be most generic" 
This reverts commit ef6a25d109.
 2019-10-20 14:01:14 +02:00
Florian Roth ef6a25d109 rule: modified sudo vuln rule to be most generic 2019-10-20 10:37:05 +02:00
Florian Roth bd93425639 Added Sumologic to list 2019-10-19 10:11:28 +02:00
a2tf a2753ba5a6 rule: changed two proxy rules from uri-query to url 2019-10-18 14:15:39 +00:00
Thomas Patzke fc276612b6 Added encoding modifiers 2019-10-16 23:52:06 +02:00
Thomas Patzke 522f021ef1 Merge pull request #461 from Galapag0s/patch-2 
Added Additional history clearing options
 2019-10-16 22:35:41 +02:00
Thomas Patzke 02d193c518 Merge pull request #470 from stevengoossensB/master 
Mapping the fields in the select statement according to the configuration file
 2019-10-16 22:34:28 +02:00
Florian Roth deb3ecf404 fix: relevant fields in lsass dll load rule 2019-10-16 19:09:20 +02:00
Steven Goossens 5f7813f71e Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 16:38:59 +02:00
Steven Goossens 6a1a96a918 Implement mapping when selecting the fields for the AQL query. This was not being done correctly 2019-10-16 16:37:09 +02:00
Florian Roth ab292a4029 rule: simplified Emotet rule 2019-10-16 15:29:42 +02:00
Florian Roth 36f678930d rule: updated sudo vuln rule to detect 0-padding part 2 
https://twitter.com/joshbressers/status/1184455759620378627
 2019-10-16 15:10:44 +02:00
Florian Roth 5374d18e4b rule: updated sudo vuln rule to detect 0-padding 
https://twitter.com/taviso/status/1184238670343065600
 2019-10-16 15:03:28 +02:00
Florian Roth c396526f40 rule: LSASS DLL load via undocumented Registry key 
https://twitter.com/SBousseaden/status/1183745981189427200
 2019-10-16 13:18:44 +02:00
Florian Roth 5d143f4f22 rule: emotet rule references extended 2019-10-16 13:18:44 +02:00
Thomas Patzke 8c8ac52b57 Merge pull request #469 from stevengoossensB/master 
Added the cleanValue function for Qradar
 2019-10-16 11:24:57 +02:00
Steven Goossens c6e0e10613 Merge branch 'master' of https://github.com/Neo23x0/sigma 2019-10-16 11:06:53 +02:00
Steven Goossens 2837d3ba74 Added the cleanValue function for Qradar 2019-10-16 10:27:24 +02:00
Florian Roth d46154da5c rule: extending Emotet rule 2019-10-16 10:22:48 +02:00
Florian Roth 38c19db1c5 Set theme jekyll-theme-minimal 2019-10-15 16:39:49 +02:00
Florian Roth 4ea469d138 rule: suspicious compression tool parameters 2019-10-15 16:38:53 +02:00
Florian Roth e870c86fb0 rule: keyboad layout preloads extended with ' 2019-10-15 15:11:00 +02:00
Florian Roth 921a39f1e3 rule: extended sudo rule with variant for USER field 2019-10-15 14:55:09 +02:00
Florian Roth 96d77447d2 rule: added reference and mitre tags 2019-10-15 09:44:17 +02:00
Florian Roth 49ed76004c rule: sudo priv esc vuln CVE-2019-14287 2019-10-15 09:39:08 +02:00
Florian Roth 52fef7ae10 Merge pull request #468 from 2d4d/lsass_without_exe 
remove .exe from lsass
 2019-10-14 18:03:13 +02:00
Florian Roth 8db1cac910 fix: made rule compatible with event id 4688 2019-10-14 18:01:24 +02:00
Florian Roth 0e2284a176 rule: modified the default 2019-10-14 17:50:48 +02:00
Florian Roth 312311494d rule: suspicious code page switch using chcp 2019-10-14 17:45:25 +02:00