blue-team-tools/rules/macos/process_creation at 1c8c9d4ff2f5fbf692153998597e18e6aaabc067 - blue-team-tools - GreySec Git

security-tools/blue-team-tools

Files

T

History

$frack113$ frack113 8de0027ca3 refactor condition

2022-06-03 15:35:24 +02:00

..

proc_creation_macos_applescript.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_base64_decode.yml

refactor condition

2022-06-03 15:35:24 +02:00

proc_creation_macos_binary_padding.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_change_file_time_attr.yml

…

proc_creation_macos_clear_system_logs.yml

…

proc_creation_macos_create_account.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_create_hidden_account.yml

…

proc_creation_macos_creds_from_keychain.yml

…

proc_creation_macos_disable_security_tools.yml

…

proc_creation_macos_file_and_directory_discovery.yml

…

proc_creation_macos_find_cred_in_files.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_gui_input_capture.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_local_account.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_local_groups.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_network_service_scanning.yml

…

proc_creation_macos_network_sniffing.yml

…

proc_creation_macos_remote_system_discovery.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_schedule_task_job_cron.yml

chore: test rules: reactivate single value list check

2022-05-10 17:13:04 +02:00

proc_creation_macos_screencapture.yml

…

proc_creation_macos_security_software_discovery.yml

…

proc_creation_macos_space_after_filename.yml

…

proc_creation_macos_split_file_into_pieces.yml

…

proc_creation_macos_susp_histfile_operations.yml

chore: test rules: warn on errors or invalid FP reasons

2022-05-09 16:07:55 +02:00

proc_creation_macos_susp_macos_firmware_activity.yml

Renamed suspicious in filenames to susp

2022-05-19 09:37:04 +02:00

proc_creation_macos_system_network_connections_discovery.yml

…

proc_creation_macos_system_network_discovery.yml

…

proc_creation_macos_system_shutdown_reboot.yml

…

proc_creation_macos_xattr_gatekeeper_bypass.yml

…