Commit Graph

47 Commits

Author SHA1 Message Date
Florian Roth 7d6baaa79a Merge pull request #2014 from SigmaHQ/rule-devel
CVE-2021-40444 file creation - winword.exe + .cab
2021-09-10 18:50:59 +02:00
Florian Roth 9e7ede66cc CVE-2021-40444 file creation - winword.exe + .cab 2021-09-10 18:13:09 +02:00
frack113 d9cd1652f2 Split global sysmon rules 2021-09-09 16:11:41 +02:00
Florian Roth 6b2bacd2cc Merge pull request #1979 from frack113/test_global
Change ID in global action rule
2021-09-06 08:44:14 +02:00
frack113 6780182c37 Merge pull request #1974 from frack113/tags_pack2
Add missing Tags
2021-09-03 19:13:32 +02:00
frack113 a6bb5574fb Update global id 2021-09-03 06:35:35 +02:00
phantinuss ab721c736c chore: move level/falsepositives to bottom 2021-09-02 14:55:17 +02:00
frack113 1ba0a7c7a3 add missing tags 2021-09-01 19:38:35 +02:00
phantinuss 9ffdced740 fix: implement suggestions from PR discussion 2021-09-01 10:21:37 +02:00
phantinuss 3a9e10d081 bulk of new rules to match working UACMe UAC bypasses 2021-08-31 12:51:21 +02:00
frack113 7753f8c22e fix tags 2021-08-24 12:36:31 +02:00
frack113 5b869a3f42 Update cve tags 2021-08-24 10:50:01 +02:00
frack113 064c65cb1f Merge pull request #1892 from frack113/clean_PS
Powershell Cleanup
2021-08-21 18:04:52 +02:00
frack113 a44206bfa0 Some cleanup 2021-08-21 17:33:39 +02:00
pbssubhash eee497f656 Title modification 2021-08-21 20:04:03 +05:30
pbssubhash a415463f5b Modified rule 2021-08-21 19:37:28 +05:30
pbssubhash fba54b8d69 First Rule commit 2021-08-21 17:47:56 +05:30
frack113 da839775fe Update PS rules 2021-08-21 09:50:59 +02:00
Florian Roth a0625ad074 Merge branch 'master' into rule-devel 2021-08-17 12:29:55 +02:00
Florian Roth 3028eb68b6 refactoring: procdump rules 2021-08-16 13:55:00 +02:00
frack113 e45557316e Fix selection with only 1 element 2021-08-14 09:54:27 +02:00
frack113 cf8d8d3ed4 fix TargetFilename case error 2021-08-06 08:43:05 +02:00
Florian Roth 21c4d241a1 HiveNightmare and Relay attack tools adjustments 2021-07-26 10:59:35 +02:00
Florian Roth 9771943116 refactor: new file pattern SeriousSAM 2021-07-24 16:13:36 +02:00
Florian Roth 07223baaeb fix: typo in date value 2021-07-24 10:22:07 +02:00
Florian Roth c0138d5ced add additional filename pattern to HiveNightmare rule 2021-07-23 10:39:41 +02:00
Florian Roth 5955efa750 adjusted timestamp 2021-07-23 09:45:50 +02:00
Florian Roth d9dc442f4e rule: HiveNightmare 2021-07-23 09:41:00 +02:00
G Y a60a2feb17 Update sysmon_susp_pfx_file_creation.yml
Fixed typo.
2021-07-04 10:38:53 +08:00
Bhabesh Rai 37d5d1c0ca Added new path 2021-07-01 16:24:07 +05:45
Bhabesh Rai 206adbb2b6 Merging upstream updates 2021-07-01 12:18:30 +05:45
Bhabesh Rai 56eed19fba Added rules for successful exploitation for CVE-2021-26857/8 in Exchange 2021-03-03 12:46:50 +05:45
Florian Roth de5444a81e Merge pull request #989 from oscd-initiative/master
[OSCD Initiative][ATT&CK tags update]
2020-09-08 13:27:58 +02:00
ecco b9f7d58dbc fix ADSI rule false positive 2020-09-06 09:17:53 -04:00
Yugoslavskiy Daniil 42c4079ed8 att&ck tags review: windows/builtin, windows/driver_load, windows/file_event, windows/image_load, windows/other 2020-08-25 01:09:17 +02:00
Poming huang 2b2bf34a64 add wmi persistence script event consumer false positive 2020-07-20 12:27:16 +08:00
Aidan Bracher dcf20e580d Updated tags to include sub-techniques 2020-07-18 02:50:57 +01:00
Aidan Bracher 23dd2e3cac Updated to include sub-technique mapping 2020-07-18 02:29:58 +01:00
Brad Kish c758ca0eb9 Re-fix sysmon rules whose changes were lost with the category refactoring.
Several fixes for sysmon rules got lost when the rules were refactored to use
categories.

Re-add the fixes.

https://github.com/Neo23x0/sigma/commit/38afd8b5def24191616ff0f0c0324cfbb7f0d6d0

https://github.com/Neo23x0/sigma/commit/422b2bffd77b217e6cec9a67c496b0aa44711ece

https://github.com/Neo23x0/sigma/commit/dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9
2020-07-06 10:55:42 -04:00
Brad Kish 1e9d0e9653 Fixes for rules in the sysmon file_event category
Fix a couple of typos

For sysmon_hack_dumpert:
Make sure the logsource is category file_event and not sysmon. Don't set
the category at the global level. Instead, set it in the individual document.
2020-07-03 16:22:29 -04:00
Florian Roth abf5f799d6 docs: more references 2020-07-03 13:19:44 +02:00
Florian Roth 1f0b1e58a9 fix: bugs in rule and title 2020-07-03 09:54:10 +02:00
Florian Roth 33fef8bcf5 DesktopImgDownLdr rules 2020-07-03 09:45:48 +02:00
Florian Roth 9c0f9f398f refactor: sysmon rule cleanup > generalization 2020-07-01 10:58:39 +02:00
Florian Roth 154181c6c8 fix: renamed files and line break change 2020-07-01 09:48:48 +02:00
Florian Roth d70b63b78c rule: RedMimicry rules (modified) 2020-07-01 09:17:31 +02:00
Florian Roth f3fedef8f5 Changed category names and remove sysmon log source 2020-06-24 17:41:21 +02:00