Commit Graph

11446 Commits

Author SHA1 Message Date
frack113 9ad58353a7 Update from review 2023-02-01 18:30:45 +01:00
frack113 c1ef84fd66 Merge remote-tracking branch 'upstream/master' into pr/3989 2023-02-01 18:27:51 +01:00
frack113 3d8b82805c Merge pull request #3992 from D4rkCiph3r/osacompile
Create proc_creation_macos_osacompile_run-only_execution.yml
2023-02-01 18:17:00 +01:00
frack113 f121041cf0 Merge pull request #3991 from D4rkCiph3r/macro-osa
Create proc_creation_macos_macros_execution.yml
2023-02-01 18:16:23 +01:00
Nasreddine Bencherchali 55f16c3f84 fix: update metadata and logic 2023-02-01 17:45:01 +01:00
Nasreddine Bencherchali d8b17f1d9f fix: add ref and update description 2023-02-01 17:23:36 +01:00
Nasreddine Bencherchali 0cddb6194c Merge pull request #3993 from D4rkCiph3r/patch-1
feat: add new extension to osascript rule
2023-02-01 17:22:08 +01:00
Nasreddine Bencherchali 04227055e4 fix: add reference 2023-02-01 17:15:10 +01:00
Nasreddine Bencherchali ac85d5ebff Merge pull request #3997 from nasbench/update-nextron-authors
chore: add nextron authors tag
2023-02-01 17:07:25 +01:00
Nasreddine Bencherchali 31a5c08480 fix: reduce author set 2023-02-01 14:34:46 +01:00
Nasreddine Bencherchali beebafe9ce fix: special case
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-02-01 13:22:11 +01:00
phantinuss 08b801aaff fix: FPs with IPv6 addresses 2023-02-01 11:21:12 +01:00
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag 2023-02-01 11:14:59 +01:00
Qasim Qlf f7e2fc1682 Update proc_creation_win_vul_java_remote_debugging.yml 2023-02-01 11:02:57 +05:00
frack113 cd58c1baef fix title case 2023-02-01 06:35:26 +01:00
frack113 2b198b7c32 Merge pull request #3971 from frack113/order_rule_folder
Order root rules folder
2023-01-31 21:05:28 +01:00
frack113 00d731bcb5 Merge pull request #3990 from qasimqlf/patch-28
Update proc_creation_win_purplesharp_indicators.yml
2023-01-31 17:49:01 +01:00
frack113 26575cc2e0 Update proc_creation_macos_applescript.yml 2023-01-31 17:46:43 +01:00
frack113 66700a69e2 Merge pull request #3994 from ionsor/patch-8
Update proc_creation_lnx_hack_tools.yml
2023-01-31 17:45:11 +01:00
Nasreddine Bencherchali 55bf797563 fix: selection again 2023-01-31 17:40:17 +01:00
Nasreddine Bencherchali 97f35b7a4d Merge pull request #3980 from nasbench/blackberry-rules-cti-2023
feat: new rules from blackberry
2023-01-31 17:23:24 +01:00
Nasreddine Bencherchali 2684f0f63c fix: remove unnecessary entry 2023-01-31 17:21:42 +01:00
Nasreddine Bencherchali 412efdad03 fix: update selection 2023-01-31 17:15:49 +01:00
Nasreddine Bencherchali 164ee358c3 fix: update modified date 2023-01-31 17:12:20 +01:00
Nasreddine Bencherchali 6a337151d1 feat: apply suggestions from code review
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2023-01-31 17:11:18 +01:00
Feathers 8f6242c35f Update proc_creation_lnx_hack_tools.yml
added Linpeas, a privilege escalation script, to the list of hacking tools
2023-01-31 17:01:17 +01:00
D4rkCiph3r 596f5471f4 Merge branch 'SigmaHQ:master' into osacompile 2023-01-31 19:22:47 +05:30
D4rkCiph3r ce577987a2 Update and rename proc_creation_macos_osacompile_run-only_execution.yml to proc_creation_macos_osacompile_runonly_execution.yml 2023-01-31 19:20:06 +05:30
D4rkCiph3r c3b826a76c Update proc_creation_macos_applescript.yml
minor updates to the CLI parameters, based on real-world observations
2023-01-31 19:16:15 +05:30
Nasreddine Bencherchali 3f8bd9f51f fix: further improve detection section 2023-01-31 14:35:09 +01:00
D4rkCiph3r 440649b087 Create proc_creation_macos_osacompile_run-only_execution.yml 2023-01-31 19:03:35 +05:30
D4rkCiph3r 4c28487480 New Rule for T1115 macOS (#3988)
feat: add new rule related to osascript reading clipboard
2023-01-31 14:32:08 +01:00
Nasreddine Bencherchali 995bf1a725 Merge pull request #3979 from nasbench/nasbench-rule-devel
feat: multiple updates and enhancements
2023-01-31 14:30:31 +01:00
Nasreddine Bencherchali 2f6d1f042c fix: update detection section 2023-01-31 14:28:11 +01:00
Nasreddine Bencherchali 34eddd3c31 Merge pull request #3985 from qasimqlf/patch-25
fix: optimize detection logic
2023-01-31 14:25:20 +01:00
D4rkCiph3r e4ace3d363 Create proc_creation_macos_macros_execution.yml 2023-01-31 18:48:03 +05:30
Qasim Qlf dab39e199c Update proc_creation_win_purplesharp_indicators.yml 2023-01-31 18:15:06 +05:00
Nasreddine Bencherchali 33952874f1 fix: update selection 2023-01-31 14:14:50 +01:00
frack113 8b321ba0b2 Order root rules folder 2023-01-31 14:05:08 +01:00
frack113 dfe448aba6 Merge pull request #3983 from qasimqlf/patch-24
fix: value
2023-01-31 13:50:02 +01:00
frack113 93f9f1b5f3 Merge pull request #3987 from qasimqlf/patch-27
fix: selection
2023-01-31 13:46:35 +01:00
frack113 9249996504 Update proc_creation_win_lolbin_pktmon.yml 2023-01-31 13:41:54 +01:00
frack113 38cad68b51 Merge pull request #3982 from qasimqlf/patch-23
fix: condition
2023-01-31 13:38:50 +01:00
frack113 67cf2bc4d1 Merge pull request #3981 from qasimqlf/patch-22
fix: value
2023-01-31 13:38:17 +01:00
D4rkCiph3r 21ac747d36 Update proc_creation_macos_jxa_payoad_execution.yml
updated the formats wrt fields structuring
2023-01-31 17:35:27 +05:30
D4rkCiph3r 98250cba9c Create proc_creation_macos_jxa_payoad_execution.yml 2023-01-31 17:23:24 +05:30
Nasreddine Bencherchali 4006145b8d fix: filename 2023-01-31 12:53:04 +01:00
Nasreddine Bencherchali eb26d94c14 fix: order fields and optimize selection 2023-01-31 12:42:20 +01:00
Nasreddine Bencherchali e158d6c1eb feat: add shadow file 2023-01-31 12:25:33 +01:00
D4rkCiph3r f67072fddc Update proc_creation_macos_jxa_in-memory_execution.yml 2023-01-31 16:54:29 +05:30