Commit Graph

850 Commits

Author SHA1 Message Date
yugoslavskiy e1fd69f548 Merge pull request #1179 from SanWieb/OSCD_regedit_3
[OSCD] regedit.exe LOLbas 72 [3]
2021-01-06 00:16:45 +03:00
yugoslavskiy f2c6011c6b Merge pull request #1126 from skirankumar/master
[OSCD] Sysmon_silenttrinity_stager_msbuild_activity.yml
2021-01-05 23:14:20 +03:00
Daniel Masse fedda17231 Update the azure image_load rule to be a generic sysmon rule 2020-12-23 16:29:49 -05:00
Daniel Masse e4c052154d Remove unneeded file 2020-12-23 14:30:24 -05:00
yugoslavskiy 0414d7a498 Merge branch 'oscd' into master 2020-11-30 02:04:03 +01:00
Jonhnathan a9fde0117b Merge branch 'oscd' into oscd_rules_improvement 2020-11-28 14:52:31 -03:00
mat b3e36281b5 fix reference field + add test for references in plural form 2020-11-27 10:17:45 +01:00
Jonhnathan 0606cd3dde Update detection Logic 2020-11-20 02:10:27 -03:00
Jonhnathan ebb4580378 Remove additional backslash 2020-11-20 02:04:28 -03:00
S.kiran kumar b5e07f0a37 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 17:00:50 +05:30
S.kiran kumar 708fe7f8fa Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:33 +05:30
S.kiran kumar 630365cb4b Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 14:13:11 +05:30
S.kiran kumar 6c5bb72491 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:28:04 +05:30
S.kiran kumar d7e9a87feb Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 12:10:46 +05:30
S.kiran kumar 02ce1196c3 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:58:32 +05:30
S.kiran kumar 2469ad14d8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-26 11:47:21 +05:30
S.kiran kumar 15a6352da6 Removed event ID 2020-10-24 17:40:29 +05:30
S.kiran kumar ca5e86c850 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:14:07 +05:30
S.kiran kumar 7db0351d6d Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:11:55 +05:30
S.kiran kumar e474c26c90 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:07:31 +05:30
S.kiran kumar e8611ca0a7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 20:00:19 +05:30
S.kiran kumar 7ba3d7a9c8 Update silenttrinity_stager_msbuild_activity.yml 2020-10-21 19:58:13 +05:30
S.kiran kumar 7fbaacabb0 MITRE ATT&CK tags changes 2020-10-20 23:20:34 +05:30
S.kiran kumar 31ad3fcd6b MITRE tags changed 2020-10-18 08:08:25 +05:30
Jonhnathan d7eda3fe7e Update sysmon_wmi_susp_scripting.yml 2020-10-15 20:15:22 -03:00
Jonhnathan 92aaeca075 Update sysmon_susp_powershell_rundll32.yml 2020-10-15 20:14:23 -03:00
Jonhnathan 26b36086c7 Update sysmon_cmstp_execution.yml 2020-10-15 20:13:39 -03:00
Jonhnathan df81f5180d Update sysmon_cactustorch.yml 2020-10-15 20:12:54 -03:00
S.kiran kumar 26af11985a Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 21:50:34 +05:30
S.kiran kumar 61ded7e0d7 Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 19:22:41 +05:30
S.kiran kumar 0cb340a718 Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 19:00:24 +05:30
Sander a8b31dfa5e Fixed field typo 2020-10-15 15:27:11 +02:00
S.kiran kumar b1b77c15ad Update silenttrinity_stager_msbuild_activity.yml 2020-10-15 18:50:24 +05:30
Sander 02d49c091a Created rule regedit export to ads 2020-10-15 14:20:15 +02:00
S.kiran kumar 20a54d86b1 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 19:49:39 +05:30
S.kiran kumar 0d25660624 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 14:13:20 +05:30
S.kiran kumar 2fa7ae2c1c Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 13:04:49 +05:30
S.kiran kumar 6b25378a61 Removed * operator 2020-10-14 10:07:16 +05:30
S.kiran kumar 4fa6ca01ef Changed category. 2020-10-14 10:05:41 +05:30
Thomas Patzke f7c440b097 Merge pull request #1065 from nsaddler/oscd1
[OSCD] Accessing WinAPI in PowerShell. Credentials dumping Rule added
2020-10-13 22:33:14 +02:00
Thomas Patzke 0914c03acb Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-13 22:32:55 +02:00
Roberto Rodriguez 2cb540f95e 13 Rules from THP - Backlog Rules (old) 2020-10-13 03:33:55 -04:00
cyb3rward0g 354b6a9822 update - GitHub Action / Test Sigma 2020-10-12 23:07:02 -04:00
cyb3rward0g 72f35377b3 update - GitHub Action / Test Sigma 2020-10-12 22:11:01 -04:00
cyb3rward0g 644f222079 update - GitHub Action / Test Sigma 2020-10-12 21:58:02 -04:00
cyb3rward0g 491049b92a Updated - GitHub Action / Test Sigma 2020-10-12 21:34:07 -04:00
cyb3rward0g 21f41eaad9 16 rules from DH APT29 day 1 - contributing soon 2020-10-12 18:13:13 -04:00
cyb3rward0g 104b40ce8f 10 rules from THP - contributing soon 2020-10-12 15:42:34 -04:00
S.kiran kumar bd5e7fda14 Update silenttrinity_stager_msbuild_activity.yml 2020-10-12 21:26:44 +05:30
nsaddler e94a47b9d3 Update sysmon_accessing_winapi_in_powershell_credentials_dumping.yml 2020-10-12 18:33:43 +03:00