security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
11,444 Commits 1 Branch 57 Tags
fda9c753e2dcbefeebfdb1505428feeeb2d5fef1
Commit Graph

8707 Commits

Author SHA1 Message Date
Florian Roth fda9c753e2 Update image_load_msdt_sdiageng.yml 2022-06-17 18:46:14 +02:00
Florian Roth 725cadc902 Update image_load_msdt_sdiageng.yml 2022-06-17 08:49:17 +02:00
eiger 764dbc4e3c Fix: Sigma title error 2022-06-17 14:40:01 +08:00
eiger e4ab54d60f Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:41:08 +08:00
eiger 7444869de3 Rule: Follina and DogWalk exploit msdt.exe loading sdiageng.dll 2022-06-17 09:29:20 +08:00
eiger 21edcafa36 Rule: Follina or DogWalk exploit sdiageng.dll 2022-06-17 09:21:57 +08:00
G Y 1eb02a0025 Update proc_creation_win_sysinternals_eula_accepted.yml 
Description changed (original description was taken from registry_add_sysinternals_eula_accepted.yml).
 2022-06-16 14:49:17 +08:00
securepeacock aa01c73f72 Update registry_set_enabling_turnoffcheck.yml 2022-06-15 11:49:38 -04:00
securepeacock bd6f9936a5 Rename registry_set_enabling_turn_off_check.yml to registry_set_enabling_turnoffcheck.yml 2022-06-15 11:07:55 -04:00
securepeacock 35c6084ef7 Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:55:15 -04:00
securepeacock 1f279f633a Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:54:23 -04:00
securepeacock cfabbc4bdf Update registry_set_enabling_turn_off_check.yml 2022-06-15 10:51:15 -04:00
securepeacock c0f01c84b3 Create registry_set_enabling_turn_off_check.yml 2022-06-15 10:49:19 -04:00
Nasreddine Bencherchali a2d19f3db2 Add FP filter + FP remark 2022-06-15 11:48:15 +01:00
Nasreddine Bencherchali 9f0989e49c Quick typo fix 2022-06-15 11:38:34 +01:00
Nasreddine Bencherchali 894f6af09f Removed double quotes 2022-06-15 11:30:01 +01:00
Nasreddine Bencherchali ee23e653f9 Added "GET" method selection 2022-06-15 11:29:31 +01:00
Nasreddine Bencherchali e42318b0fb Update web_ssti_in_access_logs.yml 2022-06-14 22:10:09 +01:00
Nasreddine Bencherchali 143d70a959 Renamed CVE rule 5 2022-06-14 22:06:07 +01:00
Nasreddine Bencherchali b54df8d9ce Rename+Update 2022-06-14 21:58:34 +01:00
Nasreddine Bencherchali 6fd2339d0c Merge branch 'master' of https://github.com/nasbench/sigma 2022-06-14 19:33:49 +01:00
Nasreddine Bencherchali bc94d575b7 Update proc_creation_win_susp_explorer_break_proctree.yml 2022-06-14 19:31:25 +01:00
Nasreddine Bencherchali 5bf7b49671 Renamed More Rules 2022-06-14 19:28:27 +01:00
Nasreddine Bencherchali f527b8eb4c Rename Web CVE Rules 
Renamed WEB CVE rules to the format "web_cve_20XX_XXXX_rest_of_name"
 2022-06-14 19:22:26 +01:00
Nasreddine Bencherchali 00db705ae6 Rename Web Rule 2022-06-14 19:13:15 +01:00
Nasreddine Bencherchali 3b7a405492 Update proc_creation_win_lolbin_forfiles.yml 2022-06-14 18:18:14 +01:00
Nasreddine Bencherchali 7f75aceaf7 Update proc_creation_win_lolbin_pcalua.yml 2022-06-14 17:41:09 +01:00
Nasreddine Bencherchali f9bbe7e423 Update proc_creation_win_susp_explorer_break_proctree.yml 2022-06-14 17:40:01 +01:00
Nasreddine Bencherchali f065928dc0 Create proc_creation_win_lolbin_pcalua.yml 2022-06-14 17:39:58 +01:00
Nasreddine Bencherchali f34bc22537 Create proc_creation_win_lolbin_forfiles.yml 2022-06-14 17:39:55 +01:00
Nasreddine Bencherchali 6476152624 Create proc_creation_win_conhost_path_traversal.yml 2022-06-14 17:39:52 +01:00
Florian Roth afce3ffcae Merge branch 'master' into msdt-rules 2022-06-13 22:55:40 +02:00
Florian Roth 2a4e6d8ebe Merge pull request #3123 from phantinuss/master 
fix FP and add Follina reference to description
 2022-06-13 22:54:54 +02:00
Florian Roth 037bf0f6bb Update proc_creation_win_lolbin_susp_certreq_download.yml 2022-06-13 18:27:56 +02:00
Nasreddine Bencherchali 0e0f44fc0c Update proc_creation_win_msdt.yml 2022-06-13 16:36:19 +01:00
Nasreddine Bencherchali 8ca55de64c Update proc_creation_win_msdt.yml 2022-06-13 14:33:12 +01:00
Nasreddine Bencherchali ffd236158c Update MSDT Rules 2022-06-13 14:30:35 +01:00
phantinuss d382f91313 fix: FP with AVG anti virus 2022-06-13 13:30:21 +02:00
phantinuss 92c2976793 docs: add Follina reference in description 2022-06-13 13:30:21 +02:00
Nasreddine Bencherchali e96532344f Removed "modified" date 2022-06-13 11:31:47 +01:00
Nasreddine Bencherchali 21f20c9e7a Renamed to shorter names 2022-06-13 00:52:53 +01:00
Nasreddine Bencherchali 7b3e6c7f59 Update proc_creation_win_lolbin_rasautou_dll_execution.yml 2022-06-13 00:21:32 +01:00
Nasreddine Bencherchali ffd135c6b6 Renamed LOLBIN rules + Other 2022-06-12 23:59:25 +01:00
Nasreddine Bencherchali 13b02a2aec Renamed LOLBIN Rules 2 2022-06-12 21:37:42 +01:00
Nasreddine Bencherchali 3cfb370266 Renamed LOLBIN Rules 2022-06-12 21:36:52 +01:00
Florian Roth 6d07a3aaff Merge pull request #3121 from frack113/Cmdkey 
Update Cmdkey
 2022-06-12 18:37:19 +02:00
Florian Roth 1c8c9d4ff2 refactor: one more space char 2022-06-12 18:06:51 +02:00
frack113 dc67990e07 Update proc_creation_win_local_system_owner_account_discovery.yml 2022-06-12 17:58:33 +02:00
frack113 fb0618795f Update proc_creation_win_mstsc.yml 2022-06-12 17:52:37 +02:00
Florian Roth 9caea8bb03 Merge pull request #3118 from SigmaHQ/rule-devel 
rules: DNS ext requests, ISO phish, BITS refactor
 2022-06-12 17:51:11 +02:00