Commit Graph

69 Commits

Author SHA1 Message Date
frack113 f7e670d55e Simple Quote 2022-01-11 13:40:53 +01:00
Florian Roth 11164849b3 Merge pull request #2543 from SigmaHQ/rule-devel - Several new rules and some fixes 2022-01-11 12:44:03 +01:00
Florian Roth e055ec1d52 refactor: change all " of them" expressions 2022-01-11 10:59:57 +01:00
Florian Roth 55d49b7e9b Merge branch 'master' into rule-devel 2022-01-11 08:20:29 +01:00
frack113 16f3fdb922 fix detection 2022-01-10 17:48:46 +01:00
Florian Roth ab761ce996 refactor: adjusted rule level 2022-01-09 16:13:25 +01:00
Florian Roth 68fea95772 Update posh_ps_suspicious_iofilestream.yml 2022-01-09 16:12:31 +01:00
frack113 01c6e5f6e3 Windows Redcannary 2022-01-09 12:37:23 +01:00
frack113 af99c75785 Windows Redcannary 2022-01-08 09:17:56 +01:00
frack113 33b5223ab7 fix quote 2022-01-06 14:09:09 +01:00
frack113 73f258e2d1 Change double quote to quote 2022-01-06 14:02:35 +01:00
frack113 601aa50587 Merge pull request #2507 from frack113/redcannary_20220102 - Windows Redcannary 2022-01-03 12:38:05 +01:00
frack113 8b67ad069e Windows Redcannary 2022-01-02 10:36:52 +01:00
frack113 7eebc4d054 Windows redcannary 2022-01-01 08:42:40 +01:00
frack113 2eda4d51d5 Merge pull request #2500 from frack113/redcannary_20211229 - Windows Redcannary 2021-12-31 17:29:09 +01:00
Florian Roth 07036fd2a7 Update powershell_ps_office_comobject_registerxll.yml 2021-12-31 15:48:41 +01:00
Florian Roth dde4d25b6b Update powershell_ps_directoryservices_accountmanagement.yml 2021-12-31 15:48:15 +01:00
frack113 5d5b3e83b1 Windows persistence 2021-12-30 11:58:10 +01:00
frack113 d8f5d3cca3 Windows Redcannary 2021-12-29 17:47:43 +01:00
frack113 1a877a5ccd Merge pull request #2495 from frack113/redcannary_20211227 - Windows redcannary rules 2021-12-28 12:52:07 +01:00
Florian Roth 01021a585d Update powershell_ps_susp_win32_shadowcopy.yml 2021-12-28 12:04:14 +01:00
Florian Roth af3462f7e6 Update powershell_ps_susp_remove_adgroupmember.yml 2021-12-28 12:03:40 +01:00
frack113 744b7602c9 Windows redcannary rules 2021-12-27 20:25:01 +01:00
frack113 b967deaabd Windows Redcannary impact 2021-12-26 12:09:42 +01:00
frack113 0e31c23620 Merge pull request #2476 from frack113/redcannary_20211220 - Windows Redcannary 2021-12-21 20:41:58 +01:00
frack113 e542c10e8e Fix error 2021-12-20 11:35:12 +01:00
frack113 96a42f3bb5 Windows redcannary 2021-12-20 10:43:32 +01:00
frack113 b89580488a Windows Redcannary 2021-12-19 11:20:42 +01:00
frack113 ab450e5782 Merge pull request #2458 from frack113/redcanary_20211216 - Windows Redcanary T1518.001 discovery 2021-12-16 22:47:23 +01:00
frack113 605ec35109 fix space 2021-12-16 10:41:07 +01:00
frack113 d7e9dccdbe Windows redcannary 2021-12-16 10:32:45 +01:00
frack113 426d8193ad Windows redcannary 2021-12-15 19:36:16 +01:00
frack113 37f1938a4a Rename powershell_ps_get_childitem_bookmarks 2021-12-13 12:04:00 +01:00
frack113 6115eeda62 windows redcanary t1217 2021-12-13 11:02:33 +01:00
frack113 97580d4fa1 fix space 2021-12-12 12:25:05 +01:00
frack113 221f479825 Windows Redcannary T1069.001 2021-12-12 12:15:27 +01:00
frack113 e215f4606b Order rules 2021-12-04 10:07:07 +01:00
phantinuss 07a0a37273 feat: discourage the usage of 'all of them' and migrate existing rules to use the preferred method 'all of selection*' 2021-12-02 14:47:39 +01:00
Tim Shelton 0e55a06e6e adding missing : 2021-12-01 23:14:57 +00:00
Tim Shelton bd13c7b77b fixing yaml formatting 2021-12-01 21:27:31 +00:00
Tim Shelton 1ebd75754f omgosh fix err in syntax on this.... sooo sorry! 2021-12-01 21:15:41 +00:00
Tim Shelton 48a45b06eb fixing format 2021-11-29 19:23:31 +00:00
Tim Shelton f0c6dbdc84 adding amazon ec2 to list of false positives 2021-11-29 19:20:00 +00:00
frack113 010a988fe5 Merge pull request #2318 from austinsonger/clearing_windows_console_history.yml - clearing_windows_console_history.yml 2021-11-27 07:43:52 +01:00
Austin Songer 48d9aec318 Update powershell_clearing_windows_console_history.yml 2021-11-26 09:18:37 -06:00
Florian Roth d91b925873 fix: FPs 2021-11-26 14:42:21 +01:00
Austin Songer 25df58702a Update powershell_clearing_windows_console_history.yml 2021-11-25 19:08:55 -06:00
Austin Songer a9ab7f4e13 Update powershell_clearing_windows_console_history.yml 2021-11-25 19:08:27 -06:00
Austin Songer f8fd44d92a Update powershell_clearing_windows_console_history.yml 2021-11-25 19:06:18 -06:00
Austin Songer c3d5d1c231 clearing_windows_console_history.yml 2021-11-25 19:04:30 -06:00