security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aabd6efbc1b748b20d46d2b906c2eac2f08b0979
blue-team-tools/rules/windows
T
History
Nasreddine Bencherchali aabd6efbc1 Create proc_creation_win_susp_service_dacl_modification_set_service.yml 
Add variation of the technique described in the rule 99cf1e02-00fb-4c0d-8375-563f978dfd37 using the "set-service" cmdlet
2022-10-20 11:57:24 +02:00
..
builtin
Merge pull request #3602 from nasbench/nasbench-rule-devel
2022-10-20 10:28:56 +02:00
create_remote_thread
fix: filter definition
2022-09-29 14:07:38 +02:00
create_stream_hash
refactor: JuicyPotatoNG imphashes
2022-10-06 08:30:48 +02:00
dns_query
Fix related
2022-10-09 17:28:05 +02:00
driver_load
Add New Vuln Driver
2022-10-20 11:55:36 +02:00
file
Update Hacktool Rules
2022-10-20 11:55:59 +02:00
image_load
fix: FPs on test machine
2022-10-18 16:39:04 +02:00
network_connection
old experimental rule promotion
2022-10-09 16:54:04 +02:00
pipe_created
Fix FP Found In Testing
2022-10-10 17:33:14 +02:00
powershell
Merge pull request #3602 from nasbench/nasbench-rule-devel
2022-10-20 10:28:56 +02:00
process_access
fix: FPs on test system
2022-10-19 15:44:00 +02:00
process_creation
Create proc_creation_win_susp_service_dacl_modification_set_service.yml
2022-10-20 11:57:24 +02:00
raw_access_thread
fix: FPs with THOR
2022-03-15 18:05:42 +01:00
registry
fix: FPs on test machine
2022-10-18 16:39:04 +02:00
sysmon
old experimental rule promotion
2022-10-09 16:54:04 +02:00
wmi_event
old experimental rule promotion
2022-10-09 16:54:04 +02:00