security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f04419c730e9eae582d8b1886424cdcce098163e
blue-team-tools/rules
T
History
phantinuss f04419c730 Merge PR #4470 From phantinuss - Fix FPs Found In Testing 
fix: Generic Password Dumper Activity on LSASS - FP with GoogleUpdate.exe
fix: Rundll32 Execution Without DLL File - FP with another zzzzInvokeManagedCustomActionOutOfProc MSI installer
fix: Suspicious Shim Database Installation via Sdbinst.EXE - FP with being started as a background service
fix: Potential CVE-2023-36874 Exploitation - Fake Wermgr.Exe Creation - FP with $WinREAgent folder
fix: Files With System Process Name In Unsuspected Locations - FP with wuaucltcore

---------

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2023-10-09 00:07:56 +02:00
..
application
fix:F multiple 404 links in references (#4332)
2023-06-26 10:10:04 +01:00
category
feat: map antivirus categoriy to Windows Defender logs
2023-05-19 14:27:56 +02:00
cloud
Merge PR #4461 from @WTFender - Create AWS rule aws_sso_idp_change.yml
2023-09-29 16:37:01 +02:00
compliance
feat: filename test enhancements (#3812)
2022-12-23 09:25:16 +01:00
linux
Merge PR #4458 from @Mladia - Update Coverage
2023-09-27 10:27:45 +02:00
macos
Merge pull request #4155 from D4rkCiph3r/patch-5
2023-08-23 08:57:45 +02:00
network
Update net_dns_wannacry_killswitch_domain.yml
2023-06-26 13:31:05 -04:00
web
Merge PR #4417 from @ThureinOo - Update SQL injections
2023-09-06 11:19:10 +02:00
windows
Merge PR #4470 From phantinuss - Fix FPs Found In Testing
2023-10-09 00:07:56 +02:00
README.md
chore: move more rules
2023-04-21 15:01:48 +02:00

README.md

TBD

Reference in New Issue View Git Blame Copy Permalink