Commit Graph

10154 Commits

Author SHA1 Message Date
nasreddine.bencherchali@nextron-systems.com faad0209de Rename Plink Port Forward Rule 2022-10-12 11:24:28 +02:00
Nasreddine Bencherchali f55f4ca2d6 Update Rules 2022-10-12 10:04:15 +02:00
Nasreddine Bencherchali d42e5b5435 New Rules 2022-10-12 10:04:04 +02:00
Florian Roth a55cea92e0 Merge pull request #3572 from nasbench/nasbench-rule-devel: Rule Dev - Small Updates 2022-10-11 00:40:35 +02:00
Florian Roth 41d2ece9f4 Merge pull request #3573 from SigmaHQ/rule-devel: rule: Process Hacker, PCHunter; ZINC APT UA 2022-10-11 00:40:21 +02:00
Florian Roth 0df87d76f2 fix: duplicate, list with one entry 2022-10-10 22:49:34 +02:00
Nasreddine Bencherchali bf28e42f01 Fix FP Found In Testing 2022-10-10 17:33:14 +02:00
Florian Roth b2c012146e rules: pchunter, process hacker 2022-10-10 17:21:17 +02:00
Florian Roth 5da911eb84 Merge branch 'master' into rule-devel 2022-10-10 14:35:37 +02:00
Nasreddine Bencherchali 7e2f624b0f Update drivers list 2022-10-10 13:03:56 +02:00
Nasreddine Bencherchali 0d253472eb Update driver_load_vuln_drivers_names.yml 2022-10-10 12:28:41 +02:00
Florian Roth 5cbd355d95 ZINC / Lazarus UAs 2022-10-10 12:23:09 +02:00
Nasreddine Bencherchali 8b40e6fe21 Add missing backslash and remove duplicate 2022-10-10 11:35:50 +02:00
Nasreddine Bencherchali be0a3ad863 Add missing definition section for EID 4697 2022-10-10 10:22:46 +02:00
Florian Roth cb73e9725a Merge pull request #3570 from SigmaHQ/rule-devel: IOX and NPS tunneling tools 2022-10-10 00:26:48 +02:00
frack113 cf7a348028 Fix related 2022-10-09 17:28:05 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth e009ba937e rule: NPS tunneling tool 2022-10-08 09:49:51 +02:00
Florian Roth deb5540816 rules: refactored FRP, new IOX 2022-10-08 09:32:36 +02:00
Florian Roth e2a172e257 Merge pull request #3569 from SigmaHQ/aurora-false-positive-fixing: Aurora false positive fixing 2022-10-07 22:52:24 +02:00
Florian Roth ee47f14dbe fix: more changes 2022-10-07 22:36:21 +02:00
Florian Roth c76b488941 fix: FPs during os upgrade 2022-10-07 22:31:13 +02:00
Florian Roth e9746e443e fix: FPs during upgrade 2022-10-07 22:22:59 +02:00
Florian Roth f2f481deba Merge branch 'aurora-false-positive-fixing' of https://github.com/SigmaHQ/sigma into aurora-false-positive-fixing 2022-10-07 22:13:49 +02:00
Florian Roth 4a298c56ce fix: FPs during Windows upgrade 2022-10-07 22:13:47 +02:00
Nasreddine Bencherchali adae180bc2 Update image_load_uipromptforcreds_dlls.yml 2022-10-07 16:49:02 +02:00
Nasreddine Bencherchali 8dbd03ff32 Fix FP In Testing 2022-10-07 13:26:33 +02:00
Florian Roth 5710507a2a Merge pull request #3567 from SigmaHQ/rule-devel: rule: JuicyPotatoNG brute force indicator 2022-10-07 11:36:26 +02:00
Florian Roth d36e0dffeb docs: adding comments for the params 2022-10-07 10:56:15 +02:00
Florian Roth d76bdf71df Update win_lpe_indicators_tabtip.yml 2022-10-07 10:48:52 +02:00
Florian Roth 6623778a61 fix: wrong log source 2022-10-07 10:44:35 +02:00
Florian Roth c073388472 rule: lpe - tabtip indicator 2022-10-07 10:41:04 +02:00
Florian Roth b634e1a3f9 Merge pull request #3562 from nasbench/pysigma-fix: PySigma Issues Fix 2022-10-07 09:21:15 +02:00
Florian Roth b75ef97876 Update web_exchange_proxyshell.yml 2022-10-07 08:48:01 +02:00
frack113 7539d29e8b Merge pull request #3559 from nasbench/nasbench-rule-devel: Rule Dev 2022-10-07 06:07:43 +02:00
nasreddine.bencherchali@nextron-systems.com 8f9c79b3a5 Update registry_set_powershell_in_run_keys.yml 2022-10-06 16:57:24 +02:00
Florian Roth d5e2991a4c Merge pull request #3551 from frack113/redcannary_20221002: Redcannary rules 2022-10-06 13:02:46 +02:00
nasreddine.bencherchali@nextron-systems.com 91cf9ce926 Fix modifier 2022-10-06 10:04:01 +02:00
Florian Roth 87b306834c Update web_cve_2022_36804_atlassian_bitbucket_command_injection.yml 2022-10-06 09:29:06 +02:00
Florian Roth 303fbd2e35 Update driver_load_vuln_drivers_names.yml 2022-10-06 09:28:43 +02:00
Florian Roth 8a0cf2e7e6 Update proc_creation_win_hh_chm_http.yml 2022-10-06 09:28:17 +02:00
Florian Roth 235b104495 Update registry_set_register_custom_protocol_handler.yml 2022-10-06 09:27:59 +02:00
Florian Roth c0ff746d99 change: make uppercase in Sysmon version 2022-10-06 09:27:26 +02:00
Florian Roth 84641cc955 Update registry_set_susp_user_shell_folders.yml 2022-10-06 09:25:13 +02:00
Florian Roth f0196039ba Update proc_creation_win_susp_logoff.yml 2022-10-06 09:24:15 +02:00
Florian Roth f1435ea16b Update proc_creation_win_susp_logoff.yml 2022-10-06 09:23:37 +02:00
Florian Roth 881dd0c6d0 Update proc_creation_win_pdq_deploy.yml 2022-10-06 09:22:44 +02:00
Florian Roth 15232621b1 refactor: another JuicyPotatoNG pattern 2022-10-06 08:47:23 +02:00
Florian Roth b6270dfcf0 Merge branch 'master' into rule-devel 2022-10-06 08:43:02 +02:00
Florian Roth d8c80d9193 docs: add ATT&CK technique id 2022-10-06 08:39:53 +02:00