Commit Graph

232 Commits

Author SHA1 Message Date
Florian Roth fb167c5698 Merge pull request #2446 from izysec/patch-4
Added current known bypass patterns
2021-12-13 14:04:54 +01:00
Florian Roth 7b93291439 Merge pull request #2445 from izysec/patch-3
Added current known bypass patterns
2021-12-13 14:03:59 +01:00
Florian Roth 04ff26c786 Update web_cve_2021_44228_log4j_fields.yml 2021-12-13 11:47:55 +01:00
Florian Roth ea3f1c6228 changed expression
the last part is already covered by the expression in line 38, but we can add the one that obfuscates the `jndi`
2021-12-13 11:47:12 +01:00
izysec 5819aa9888 Added current known bypass patterns
Source: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
2021-12-13 15:51:25 +05:30
izysec 6c8b0c8fd8 Added current known bypass patterns
Source: https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
2021-12-13 15:49:08 +05:30
Florian Roth 758334ac1c Merge branch 'rule-devel' of https://github.com/SigmaHQ/sigma into rule-devel 2021-12-13 09:02:38 +01:00
Florian Roth ef6fb35e2b more patterns for log4shell 2021-12-13 09:02:24 +01:00
Florian Roth d8613fedfe more Log4Shell patterns 2021-12-12 21:27:01 +01:00
Florian Roth 31ddcd4a0d Log4Shell - more patterns 2021-12-12 20:39:09 +01:00
Florian Roth 39217d4b44 rule: JNDIExploit 2021-12-12 13:16:05 +01:00
Florian Roth 63bb7673d6 Merge branch 'master' into rule-devel 2021-12-12 12:47:33 +01:00
Florian Roth 5da7537375 Merge pull request #2436 from izysec/patch-1
Additional IoC keywords added to log4j detection
2021-12-12 12:46:36 +01:00
Florian Roth 23f59180d5 updated Log4Shell rules 2021-12-12 12:40:14 +01:00
izysec 0b9fd530e6 Additional IoC keywords added to log4j detection
Source: https://community.riskiq.com/article/505098fc/description
2021-12-12 01:15:02 +05:30
izysec 61e7044d09 Additional IoC keywords added
https://community.riskiq.com/article/505098fc/description
2021-12-12 01:11:19 +05:30
Florian Roth a74eac7c7f refactor: added more variants to the field-based rule too 2021-12-11 08:23:43 +01:00
Florian Roth b9bc6646f9 improved log4j detection rule 2021-12-11 08:15:11 +01:00
Florian Roth 8ae7646b73 fix: duplicate ids 2021-12-10 16:14:14 +01:00
Florian Roth aef0179ba7 refactor: log4j rule refactoring 2021-12-10 16:01:43 +01:00
Florian Roth 07e4a9209c docs: more links 2021-12-10 13:31:28 +01:00
Florian Roth 06e41b1e57 refactor: single slash uri scheme + dns 2021-12-10 13:07:32 +01:00
Florian Roth a51c03f54c log4j CVE-2021-44228 2021-12-10 13:05:40 +01:00
Florian Roth 72e85fdc92 rule: Grafana CVE-2021-43798 2021-12-08 12:01:59 +01:00
Florian Roth 330fcf485c Merge branch 'master' into promote_status 2021-11-27 17:15:56 +01:00
frack113 01dc930c17 Change status for old rules 2021-11-27 11:33:14 +01:00
frack113 c6caab9e1e Fix optional section name 2021-11-27 11:27:40 +01:00
frack113 b81b5666ce fix field name 2021-11-23 18:47:42 +01:00
frack113 1cfca93354 Missing status in rules (#2284)
* add missing status
2021-11-19 22:32:26 +01:00
Florian Roth c6564908ef rule: Sitecore Pre-Auth RCE CVE-2021-42237 2021-11-17 19:01:35 +01:00
frack113 f8574fcd81 Add cve tags 2021-10-25 18:40:50 +02:00
Florian Roth 30213dba87 Merge pull request #2132 from SigmaHQ/rule-devel
New Rules
2021-10-09 19:19:45 +02:00
Florian Roth 195db4cffc refactor: made Apache RCE rule more robust 2021-10-09 18:48:02 +02:00
frack113 930d2d4223 fix id 2021-10-06 17:53:16 +02:00
frack113 dfd316c0ce Add web_iis_tilt_shortname_scan.yml 2021-10-06 17:46:15 +02:00
Florian Roth 7cf01c2f0c extended CVE-2021-41773 rule 2021-10-06 12:43:10 +02:00
Florian Roth 5576f50470 fix: title, add my name 2021-10-05 17:35:09 +02:00
Florian Roth 482df0a0ad rule: Apache Vuln CVE-2021-41773 2021-10-05 17:33:37 +02:00
Florian Roth 93bff7f49d docs: new ID 2021-09-25 11:37:39 +02:00
Florian Roth 31ef53738d refactor: removed old Joomla rules, made generic path traversal 2021-09-25 11:37:02 +02:00
Sittikorn S 7c8df0eb55 Update web_cve_2021_22005_vmware_file_upload.yml 2021-09-25 08:05:00 +07:00
Sittikorn S dea89ad324 Update and rename web_cve_2021_22005_vmware_file_upload to web_cve_2021_22005_vmware_file_upload.yml 2021-09-24 21:35:04 +07:00
Sittikorn S f903640b73 Update web_cve_2021_22005_vmware_file_upload 2021-09-24 21:29:43 +07:00
Sittikorn S 16452ca80e Create web_cve_2021_22005_vmware_file_upload 2021-09-24 21:21:09 +07:00
frack113 934e391159 fix filename 2021-09-23 14:51:59 +02:00
frack113 44feb3ddf6 fix filename 2021-09-23 14:46:13 +02:00
frack113 89776b8c14 fix filename 2021-09-23 14:44:51 +02:00
frack113 8b5f62bdb7 fix filename 2021-09-23 14:41:16 +02:00
frack113 c029e62c64 fix filename 2021-09-23 14:37:34 +02:00
Florian Roth bb2e6acd40 Merge pull request #1926 from pbssubhash/master
Adding CVE exploitation attempt detection: Year - 2010
2021-09-23 14:08:15 +02:00