security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4355ece230d68c36f08ebd53d5408ec5f8d629cc
blue-team-tools/.github
T
History
Nasreddine Bencherchali f61f66e745 Merge PR #5733 from @nasbench - fix windash issues and some renames 
fix: Office Macro File Download - Reduce level to low due to FPs spotted via VT.
fix: Suspicious CustomShellHost Execution - Increased level to high due to low FP rate spotted via VT.
fix: Explorer Process Tree Break - Fix incorrect usage of windash with the all modifier, that broke the logic.
fix: MSDT Execution Via Answer File - Rename rule as well as introduce usage of windash for increased coverage.
fix: Capture Credentials with Rpcping.exe - Fix incorrect usage of windash with the all modifier, that broke the logic.
fix: Wlrmdr.EXE Uncommon Argument Or Child Process - Fix incorrect usage of windash with the all modifier, that broke the logic.

---------

Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-11-10 12:12:34 +01:00
..
ISSUE_TEMPLATE
chore: fix typo as suggested in #5472
2025-06-12 12:41:09 +02:00
workflows
Merge PR #5726 from @phantinuss - chore: ci: add merge_group trigger to CI jobs
2025-10-27 12:58:32 +01:00
FUNDING.yml
Create FUNDING.yml
2022-05-13 08:20:30 +02:00
labeler.yml
Merge PR #5733 from @nasbench - fix windash issues and some renames
2025-11-10 12:12:34 +01:00
latest_archiver_output.md
Merge PR #5737 from @nasbench - Archive new rule references and update cache file
2025-11-02 00:10:54 +01:00
PULL_REQUEST_TEMPLATE.md
Merge PR #4957 from @peterydzynski - Update regex for Powershell Token Obfuscation rules
2024-08-10 13:26:42 +02:00