Commit Graph

5864 Commits

Author SHA1 Message Date
Ivan Dyachkov cf399927e1 uncommented tags 2020-10-15 10:52:54 +03:00
Ivan Dyachkov 5a9c368e9c fixed tags, image search 2020-10-15 10:51:15 +03:00
Vasilisa-L 688e85aefc damn tests, pass already 2020-10-15 10:21:01 +03:00
OpalSec 762840ec25 Creation of Rules for Task 25 - Invoke-Obfuscation STDIN+ Launcher 2020-10-15 17:59:36 +11:00
OpalSec efe8773753 Create win_invoke_obfuscation_clip+.yml 2020-10-15 17:56:41 +11:00
OpalSec 109fb4f493 Create win_invoke_obfuscation_clip+_services.yml 2020-10-15 17:53:16 +11:00
OpalSec df7bd91ffb Create powershell_invoke_obfuscation_clip+.yml 2020-10-15 17:50:27 +11:00
invrep-de 3be21d5478 Some minor formatting updates; Formatting updates; 2020-10-14 16:55:52 -04:00
invrep-de 8f28c16d6e Some further updates to fix spacing; Some further updates to fix spacing; 2020-10-14 15:42:19 -04:00
invrep-de 637065fd97 Some minor updates to address spacing; Some further minor updates to address spacing; 2020-10-14 15:41:31 -04:00
invrep-de 2672b10808 Some minor restructuring to incorporate the feedback from the oscd team; Some minor restructuring to incorporate the feedback from the oscd team; 2020-10-14 15:37:15 -04:00
uchakin a7e5b0ac40 Some fixes for rules 2020-10-14 19:06:59 +03:00
S.kiran kumar 20a54d86b1 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 19:49:39 +05:30
omkargudhate22 2e2b2c2393 removed backslash 2020-10-14 19:44:31 +05:30
Vasilisa-L d0b2c021ce attack.t1059.001 try 2 2020-10-14 16:57:58 +03:00
Ivan Dyachkov 24eb0b92be commented tags 2020-10-14 16:56:52 +03:00
Ivan Dyachkov f005a74c49 commented tags 2020-10-14 16:56:10 +03:00
Ivan Dyachkov f2f7216378 commented tags 2020-10-14 16:32:24 +03:00
Ivan Dyachkov a8d5ddd93d commented tags 2020-10-14 16:31:00 +03:00
Vasilisa-L b1aa50ebcd T1059.001 added 2020-10-14 16:27:46 +03:00
omkargudhate22 2e52cb7f86 Update sysmon_susp_script_dotnet_clr_dll_load.yml 2020-10-14 18:47:25 +05:30
Ivan Dyachkov d58d55668f fixed tags 2020-10-14 16:00:50 +03:00
Ivan Dyachkov e50306f549 edited 2020-10-14 16:00:08 +03:00
Ivan Dyachkov b24bec6c6c delete diskshadow 2020-10-14 15:55:24 +03:00
Ivan Dyachkov 3f932e4252 #1014 2020-10-14 15:51:32 +03:00
omkargudhate22 23098d042c Update sysmon_susp_clr_logs.yml 2020-10-14 18:11:49 +05:30
omkargudhate22 75ee2e0f47 Update sysmon_susp_clr_logs.yml 2020-10-14 18:10:42 +05:30
omkargudhate22 f123a51d42 contains all condition 2020-10-14 17:34:01 +05:30
omkargudhate22 8e792f95ab removed regex 2020-10-14 17:31:38 +05:30
omkargudhate22 90725564c6 separated & changed conditions 2020-10-14 17:29:45 +05:30
Ivan Dyachkov fa55803545 fixed spaces and tabs 2020-10-14 13:33:27 +03:00
uncleP@sk 947fa79dd3 vsjitdebugger detection added 2020-10-14 13:29:25 +03:00
Ivan Dyachkov 22d5acde10 New rule 2020-10-14 13:28:41 +03:00
uncleP@sk 8fdca7853c te.exe LOLbin detection 2020-10-14 13:02:45 +03:00
Ivan Dyachkov cf9b040600 fixed description, tags 2020-10-14 12:08:22 +03:00
S.kiran kumar 0d25660624 Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 14:13:20 +05:30
Alejandro Ortuno 2ef52dbfd8 Initial Sigma Rule 2020-10-14 10:24:59 +02:00
Alejandro Ortuno bf8426d71b Initial commit of sigma rule 2020-10-14 10:14:00 +02:00
S.kiran kumar 2fa7ae2c1c Update silenttrinity_stager_msbuild_activity.yml 2020-10-14 13:04:49 +05:30
Ivan Dyachkov c0e70106fa Fixed att&ck, deleted commandline key "exec" (does not work without interactive mode, so no commandline appears) 2020-10-14 10:15:06 +03:00
uncleP@sk 196debf0ad description + author fields fixed 2020-10-14 10:12:34 +03:00
uncleP@sk 2f06c30760 empty line + authors fixed 2020-10-14 10:06:34 +03:00
Alejandro Ortuno 75a05db446 Add slash to bypass testing 2020-10-14 08:50:15 +02:00
remotephone@gmail.com 8e7fbbd147 fixing UUID and description 2020-10-14 00:54:51 -05:00
remotephone@gmail.com ed22c8e0fe adding macos screencapture rule 2020-10-14 00:51:55 -05:00
remotephone@gmail.com 8bbde90328 adding line at end of file 2020-10-14 00:05:28 -05:00
remotephone@gmail.com 3cddb86b70 updating tags 2020-10-14 00:01:30 -05:00
remotephone@gmail.com 7343936653 adding gui input capture, first iteration 2020-10-13 23:59:53 -05:00
S.kiran kumar 6b25378a61 Removed * operator 2020-10-14 10:07:16 +05:30
S.kiran kumar 4fa6ca01ef Changed category. 2020-10-14 10:05:41 +05:30