blue-team-tools

Files

T

4A616D6573 a7a753862c Update win_susp_net_execution.yml

Added:

1. Additional tags for techniques as defined by Atomic Blue.
2. Detection for OriginalFileName as net.exe can easily be renamed.

Part of oscd.community effort.

2019-10-25 12:06:32 +11:00

application

Fixes for Elasticsearch query correctness CI tests

2018-04-09 22:33:29 +02:00

apt

Fixed wrong backslash escaping of *

2019-10-07 22:14:44 +02:00

compliance

Added level

2019-08-05 19:51:22 +02:00

linux

rule: modified sudo vuln rule to be most generic

2019-10-20 14:02:10 +02:00

network

Merge pull request #315 from P4T12ICK/feature/net_dnc_c2_detection

2019-05-10 00:12:39 +02:00

proxy

rule: proxy ua unknown zero day implant

2019-09-24 18:24:48 +02:00

web

Web Source Code Enumeration via .git

2019-06-08 22:40:28 -04:00

windows

Update win_susp_net_execution.yml

2019-10-25 12:06:32 +11:00