security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c7b5eb65b0c7fcb58cdc7e9fd5a4decd3297d17e
blue-team-tools/rules/web
T
History
Nasreddine Bencherchali 7327dd53e5 New/Update Rules 
- Renamed "sql_injection_keywords.yml" to "web_sql_injection_keywords.yml" to conform with the rest of the rule in the WEB directory
- Renamed "xss_keywords.yml" to "web_xss_keywords.yml" to conform with the rest of the rule in the WEB directory
- Renamed "proc_create_win_msdt_susp_parent.yml" to "proc_creation_win_msdt_susp_parent.yml" to conform with other process creation rules
-  Renamed "proc_create_win_sdiagnhost_susp_child.yml" to "proc_creation_win_sdiagnhost_susp_child.yml" to conform with other process creation rules
- Moved the rule "win_powershell_snapins_hafnium.yml" to process_creation folder instead of the WEB folder
- Created "web_susp_windows_path_uri.yml" to detect URI that contains susp windows paths
- Updated the description "web_webshell_keyword.yml" and added 3 more cases
-  Created "file_event_win_cve_2021_44077_poc_default_files.yml" to detect the default dropped file from the POC of CVE-2021-44077 (Showcased in the DFIR report)
- Created "proc_creation_win_renamed_plink.yml" to detect renamed usage of "Plink"
2022-06-06 21:16:52 +01:00
..
web_apache_segfault.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_apache_threading_error.yml
chore: test rules: capitalization on FP list entries
2022-05-09 16:07:44 +02:00
web_arcadyan_router_cve_2021_20090_2021_20091_exploit.yml
chore: test rules: reactivate single value list check
2022-05-10 17:13:04 +02:00
web_citrix_cve_2019_19781_exploit.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_citrix_cve_2020_8193_8195_exploit.yml
refactor: change all " of them" expressions
2022-01-11 10:59:57 +01:00
web_cve_2010_5278_exploitation_attempt.yml
chore: test rules: reactivate single value list check
2022-05-10 17:13:04 +02:00
web_cve_2018_2894_weblogic_exploit.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2019_3398_confluence.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_cve_2020_0688_msexchange.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_cve_2020_3452_cisco_asa_ftd.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2020_5902_f5_bigip.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_cve_2020_14882_weblogic_exploit.yml
remove invalid tag
2022-01-19 18:23:30 +01:00
web_cve_2021_2109_weblogic_rce_exploit.yml
Add cve tags
2021-10-25 18:40:50 +02:00
web_cve_2021_21978_vmware_view_planner_exploit.yml
fix: none --> Unknown
2022-03-16 14:19:21 +01:00
web_cve_2021_22005_vmware_file_upload.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
web_cve_2021_22893_pulse_secure_rce_exploit.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
web_cve_2021_26814_wzuh_rce.yml
fix: none --> Unknown
2022-03-16 14:19:21 +01:00
web_cve_2021_26858_iis_rce.yml
Add "\" to "Image|endswith" modifier
2022-06-02 13:39:07 +01:00
web_cve_2021_33766_msexchange_proxytoken.yml
refactor: add 500 status code in selection2
2021-08-30 16:12:42 +02:00
web_cve_2021_40539_adselfservice.yml
Update web_cve_2021_40539_adselfservice.yml
2021-09-20 15:51:21 +02:00
web_cve_2021_40539_manageengine_adselfservice_exploit.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_cve_2021_41773_apache_path_traversal.yml
Fix optional section name
2021-11-27 11:27:40 +01:00
web_cve_2021_42237_sitecore_report_ashx.yml
fix: remove penetration test as valid false positive reason
2022-03-16 14:33:18 +01:00
web_cve_2021_43798_grafana.yml
rule: Grafana CVE-2021-43798
2021-12-08 12:01:59 +01:00
web_cve_2021_44228_log4j_fields.yml
fix: avoid Microsoft Defender detections
2022-02-06 08:56:54 +01:00
web_cve_2021_44228_log4j.yml
fix: FPs noticed in THOR testing
2022-02-21 10:15:27 +01:00
web_exchange_cve_2020_0688_exploit.yml
Simple Quote
2022-01-11 13:40:53 +01:00
web_exchange_exploitation_hafnium.yml
refactor: change all " of them" expressions
2022-01-11 10:59:57 +01:00
web_exchange_proxyshell_successful.yml
rules: ProxyShell refactoring and new rule
2021-08-09 17:57:34 +02:00
web_exchange_proxyshell.yml
fix: typo in description
2021-08-12 10:11:17 +02:00
web_expl_exchange_cve_2021_28480.yml
Spelling Errors on Rules
2021-08-18 18:58:20 +00:00
web_fortinet_cve_2018_13379_preauth_read_exploit.yml
Change status to test
2022-01-07 07:04:24 +01:00
web_fortinet_cve_2021_22123_exploit.yml
fix: referrer > referer adjustments
2021-12-13 15:47:43 +01:00
web_iis_tilt_shortname_scan.yml
fix id
2021-10-06 17:53:16 +02:00
web_java_in_access_log.yml
refactor: new expr from honeypot, increased level
2022-06-06 17:32:08 +02:00
web_jndi_exploit.yml
rule: JNDIExploit
2021-12-12 13:16:05 +01:00
web_multiple_susp_resp_codes_single_source.yml
Renamed suspicious in filenames to susp
2022-05-19 09:37:04 +02:00
web_nginx_core_dump.yml
refactor: first bigger log source refactoring
2022-03-22 17:58:29 +01:00
web_path_traversal_exploitation_attempt.yml
fix: remove penetration testing as a valid false positive
2022-03-16 13:51:26 +01:00
web_pulsesecure_cve_2019_11510.yml
Change status for old rules
2021-11-27 11:33:14 +01:00
web_solarwinds_cve_2020_10148.yml
Change status to test
2022-01-07 07:04:24 +01:00
web_solarwinds_supernova_webshell.yml
Split PR 1802 fix net rules
2021-08-09 17:23:15 +02:00
web_sonicwall_jarrewrite_exploit.yml
Merging upstream updates
2021-07-01 12:18:30 +05:45
web_source_code_enumeration.yml
fix: unknown --> Unknown
2022-03-16 13:43:54 +01:00
web_sql_injection_keywords.yml
New/Update Rules
2022-06-06 21:16:52 +01:00
web_susp_windows_path_uri.yml
New/Update Rules
2022-06-06 21:16:52 +01:00
web_terramaster_cve_2020_28188_rce_exploit.yml
Add cve tags
2021-10-25 18:40:50 +02:00
web_unc2546_dewmode_php_webshell.yml
refactor: change all " of them" expressions
2022-01-11 10:59:57 +01:00
web_vsphere_cve_2021_21972_unauth_rce_exploit.yml
Split PR 1802 fix net rules
2021-08-09 17:23:15 +02:00
web_webshell_keyword.yml
New/Update Rules
2022-06-06 21:16:52 +01:00
web_xss_keywords.yml
New/Update Rules
2022-06-06 21:16:52 +01:00
win_webshell_regeorg.yml
chore: test rules: capitalization on FP list entries
2022-05-09 16:07:44 +02:00