security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

400 Commits

Author SHA1 Message Date
Thomas Patzke 5664f72a2a Merge pull request #1054 from NikitaStormwind/task#70 
[OSCD] Detecting Code injection with PowerShell in another process #70
 2020-10-13 00:47:13 +02:00
cyb3rward0g 21f41eaad9 16 rules from DH APT29 day 1 - contributing soon 2020-10-12 18:13:13 -04:00
cyb3rward0g 104b40ce8f 10 rules from THP - contributing soon 2020-10-12 15:42:34 -04:00
Nikita P. Nazarov c5efbc8345 Detects Obfuscated Powershell via Stdin in Scripts 2020-10-12 18:47:51 +03:00
Vasiliy Burov 95cd271686 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 18:10:46 +03:00
Vasiliy Burov 643d700d53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 17:51:19 +03:00
Vasiliy Burov d31f8d6977 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:43:53 +03:00
Vasiliy Burov 2e6f184370 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:11:10 +03:00
Vasiliy Burov 436dd4d90c Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 14:04:24 +03:00
Bartlomiej Czyz e90f91b89e append authors of the update 2020-10-11 23:42:33 +02:00
Vasiliy Burov a0ac753e32 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:39:36 +03:00
Vasiliy Burov 48f6fad6c3 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:35:59 +03:00
Bartlomiej Czyz b6876e5123 remove redundant reference 2020-10-11 23:35:17 +02:00
Vasiliy Burov 8d926dc303 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:27:45 +03:00
Vasiliy Burov 6f7475020a Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:23:27 +03:00
Vasiliy Burov 26ef1da071 Update powershell_cmdline_specific_comb_methods.yml 2020-10-12 00:00:17 +03:00
Vasiliy Burov d4e1786836 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:57:27 +03:00
Vasiliy Burov e2543158ce Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:53:00 +03:00
Vasiliy Burov 47d6122298 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:46:51 +03:00
Vasiliy Burov a39d453792 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:42:51 +03:00
Vasiliy Burov 1320e0b733 Update powershell_cmdline_reversed_strings.yml 2020-10-11 23:40:12 +03:00
Vasiliy Burov 2d88000fdf Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:38:07 +03:00
Vasiliy Burov 5c4adbb24e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:33:57 +03:00
Vasiliy Burov da14df6c9f Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:29:37 +03:00
Vasiliy Burov b80f0f6478 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:18:23 +03:00
Vasiliy Burov fb5748254e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:45:32 +03:00
Vasiliy Burov ef17d168bd Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:34:47 +03:00
Vasiliy Burov ce2767b10e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:47:07 +03:00
Vasiliy Burov 6e4f8bdd53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:35:15 +03:00
Vasiliy Burov 6cc1a5e767 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:27:24 +03:00
Vasiliy Burov 03ebc36a11 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:23:12 +03:00
Vasiliy Burov d16770aee4 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:19:23 +03:00
Vasiliy Burov 82c7edfd68 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:14:45 +03:00
Vasiliy Burov 2385d06221 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:09:21 +03:00
Vasiliy Burov 6094fd4e9c [OSCD] Create powershell_cmdline_specific_comb_methods.yml 2020-10-11 20:56:45 +03:00
Bartlomiej Czyz 94efeda45d modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature 2020-10-11 19:11:54 +02:00
Vasiliy Burov 64b07ff51a Update powershell_cmdline_reversed_strings.yml 2020-10-11 19:42:39 +03:00
Vasiliy Burov c868ef655c Update powershell_cmdline_reversed_strings.yml 2020-10-11 17:37:07 +03:00
Vasiliy Burov 7aaf4654cd Rename powershell_cmdline_reversed_strings to powershell_cmdline_reversed_strings.yml 2020-10-11 17:28:56 +03:00
Vasiliy Burov 00f5d1ec92 Update powershell_cmdline_reversed_strings 2020-10-11 17:24:46 +03:00
Vasiliy Burov 51f00c153c Update powershell_cmdline_reversed_strings 2020-10-11 17:18:15 +03:00
Vasiliy Burov dd9c29377b Update powershell_cmdline_reversed_strings 2020-10-11 17:11:58 +03:00
Vasiliy Burov 8f2ddc632e Create powershell_cmdline_reversed_strings 2020-10-11 17:02:02 +03:00
Bartlomiej Czyz a5dea8c596 [OSCD] Fix powershell_icmp_exfiltration.yml references, add newline at the end of the file #1013 2020-10-10 23:08:39 +02:00
Bartlomiej Czyz 6dcd4a6c6d [OSCD] Create powershell_icmp_exfiltration.yml #1013 2020-10-10 23:05:31 +02:00
Nikita P. Nazarov 414c98e7ba Detects Obfuscated Powershell via use Clip.exe in Scripts 2020-10-09 19:37:07 +03:00
Nikita Nazarov 02e826def3 Update powershell_invoke_obfuscation_via_use_mhsta.yml 2020-10-09 16:29:20 +03:00
Nikita Nazarov 31095033ab Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-09 16:25:59 +03:00
Nikita P. Nazarov 27410d3c8e Detects Obfuscated Powershell via use MSHTA in Scripts 2020-10-08 18:19:59 +03:00
Nikita Nazarov 80a3a6c048 Update powershell_invoke_obfuscation_via_use_rundll32.yml 2020-10-08 17:52:01 +03:00