security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,892 Commits 1 Branch 57 Tags
fefb8564717d69af72ededb4172bc7ec00aac734
Commit Graph

7892 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Vasiliy Burov da14df6c9f Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:29:37 +03:00
Vasiliy Burov b80f0f6478 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 23:18:23 +03:00
Yugoslavskiy Daniil e52baddda2 improve descriptin 2020-10-11 22:11:03 +02:00
Yugoslavskiy Daniil 7dec19afca add macos_create_hidden_account.yml; part of the oscd initiative task number 63 of the issue #1012 2020-10-11 22:01:05 +02:00
Vasiliy Burov fb5748254e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:45:32 +03:00
Vasiliy Burov ef17d168bd Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 22:34:47 +03:00
Vasiliy Burov ce2767b10e Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:47:07 +03:00
Vasiliy Burov 6e4f8bdd53 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:35:15 +03:00
Vasiliy Burov 6cc1a5e767 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:27:24 +03:00
Vasiliy Burov 03ebc36a11 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:23:12 +03:00
Vasiliy Burov d16770aee4 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:19:23 +03:00
Vasiliy Burov 82c7edfd68 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:14:45 +03:00
Vasiliy Burov 2385d06221 Update powershell_cmdline_specific_comb_methods.yml 2020-10-11 21:09:21 +03:00
Furkan ÇALIŞKAN edb5b7718e Deleted a part of an already-defined rule 
Lolbin rule for explorer.exe proxy execution;

Test scenario;

cd c:\windows\system32
explorer.exe calc.exe
(pops calc.exe) as in https://twitter.com/bohops/status/986984122563391488/photo/1
 2020-10-11 21:08:17 +03:00
Vasiliy Burov 6094fd4e9c [OSCD] Create powershell_cmdline_specific_comb_methods.yml 2020-10-11 20:56:45 +03:00
S.kiran kumar c76eede1b8 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:11:09 +05:30
yugoslavskiy 0966d24031 Merge pull request #1033 from JPMinty/oscd 
Create rules-unsupported/win_remote_schtask.yml
 2020-10-11 19:39:33 +02:00
yugoslavskiy 4548da7fb9 Merge pull request #1034 from JPMinty/Remote_Service 
unsupported-rules/win_remote_service.yml
 2020-10-11 19:38:00 +02:00
S.kiran kumar fbf5d2fdc4 Update silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:07:41 +05:30
S.kiran kumar bddbe68235 Create silenttrinity_stager_communicating_to_c2.yml 2020-10-11 23:02:03 +05:30
S.kiran kumar 6b0b779480 Delete sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 23:00:52 +05:30
Bartlomiej Czyz 94efeda45d modify powershell_malicious_commandlets.yml to leverage ScriptBlock logging feature 2020-10-11 19:11:54 +02:00
S.kiran kumar 6b10b998c9 Update sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:38:30 +05:30
uncleP@sk 435f052f75 some typos fixing 2020-10-11 19:45:46 +03:00
Vasiliy Burov 64b07ff51a Update powershell_cmdline_reversed_strings.yml 2020-10-11 19:42:39 +03:00
S.kiran kumar 476ed7ec2d Rename silenttrinity _stager _communication _c2.yml to sysmon_silenttrinity _stager _communication _c2.yml 2020-10-11 22:03:24 +05:30
S.kiran kumar 545a8c06ed Rename Silenttrinity _Stager _Communication _C2.yml to silenttrinity _stager _communication _c2.yml 2020-10-11 21:53:45 +05:30
Alejandro Ortuno d17faf8234 Local groups discovery sigma rules 2020-10-11 18:15:53 +02:00
S.kiran kumar 9825b42de0 Rename Silenttrinity Stager Communication C2.yml to Silenttrinity _Stager _Communication _C2.yml 2020-10-11 21:38:19 +05:30
S.kiran kumar a5bf538ad1 Rename Silenttrinity _Stager _Communication _To _C2.yml to Silenttrinity Stager Communication C2.yml 2020-10-11 21:34:55 +05:30
Alejandro Ortuno 3358dd47ea macos local account creation 2020-10-11 17:56:29 +02:00
S.kiran kumar 7a4c2c5db5 Rename Silenttrinity Stager Communication To C2 to Silenttrinity _Stager _Communication _To _C2.yml 2020-10-11 21:16:45 +05:30
S.kiran kumar 28ccbe9034 Rename Silenttrinity stager communication to c2 to Silenttrinity Stager Communication To C2 2020-10-11 21:00:00 +05:30
S.kiran kumar f82d163ded Update Silenttrinity stager communication to c2 2020-10-11 20:33:08 +05:30
Bartlomiej Czyz 8ae42bca7c fix description & ParentImage -> Image modification to comply with reg events constraints 2020-10-11 17:02:39 +02:00
S.kiran kumar f8c229bbf8 Update Silenttrinity stager communication to c2 2020-10-11 20:29:30 +05:30
S.kiran kumar e5fd37aea6 Update Silenttrinity stager communication to c2 2020-10-11 20:25:49 +05:30
Vasiliy Burov c868ef655c Update powershell_cmdline_reversed_strings.yml 2020-10-11 17:37:07 +03:00
Vasiliy Burov 7aaf4654cd Rename powershell_cmdline_reversed_strings to powershell_cmdline_reversed_strings.yml 2020-10-11 17:28:56 +03:00
Vasiliy Burov 00f5d1ec92 Update powershell_cmdline_reversed_strings 2020-10-11 17:24:46 +03:00
Vasiliy Burov 51f00c153c Update powershell_cmdline_reversed_strings 2020-10-11 17:18:15 +03:00
S.kiran kumar 8a87fc35b2 Update win_susp_security_eventlog_cleared.yml 2020-10-11 19:48:07 +05:30
S.kiran kumar 672bf99c6b Silenttrinity stager communication to c2 2020-10-11 19:45:58 +05:30
Vasiliy Burov dd9c29377b Update powershell_cmdline_reversed_strings 2020-10-11 17:11:58 +03:00
Vasiliy Burov 8f2ddc632e Create powershell_cmdline_reversed_strings 2020-10-11 17:02:02 +03:00
Bartlomiej Czyz 2370730952 create sysmon_modify_screensaver_binary_path.yml 2020-10-11 14:31:06 +02:00
Alejandro Ortuno 418a9d5a02 Use endswith with processname 2020-10-11 09:37:08 +02:00
JPMinty 21284c2c92 Added selection criteria + moved to Unsupported rule 2020-10-11 12:48:48 +10:30
JPMinty 10f5c38b20 Added conditional description + moved to unsupported-rules 2020-10-11 12:40:24 +10:30
Bartlomiej Czyz a5dea8c596 [OSCD] Fix powershell_icmp_exfiltration.yml references, add newline at the end of the file #1013 2020-10-10 23:08:39 +02:00