valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,020 Commits 20 Branches 25 Tags 21 MiB
24e17a9c50
Commit Graph

67 Commits

Author SHA1 Message Date
Florian Roth
454ba2b576 rule: modified sudo vuln rule to be most generic 2019-10-20 14:02:10 +02:00
Florian Roth
08ff2f38bc Revert "rule: modified sudo vuln rule to be most generic" 
This reverts commit ef6a25d109.
 2019-10-20 14:01:14 +02:00
Florian Roth
ef6a25d109 rule: modified sudo vuln rule to be most generic 2019-10-20 10:37:05 +02:00
Thomas Patzke
522f021ef1
Merge pull request #461 from Galapag0s/patch-2 
Added Additional history clearing options
 2019-10-16 22:35:41 +02:00
Florian Roth
36f678930d rule: updated sudo vuln rule to detect 0-padding part 2 
https://twitter.com/joshbressers/status/1184455759620378627
 2019-10-16 15:10:44 +02:00
Florian Roth
5374d18e4b rule: updated sudo vuln rule to detect 0-padding 
https://twitter.com/taviso/status/1184238670343065600
 2019-10-16 15:03:28 +02:00
Florian Roth
921a39f1e3 rule: extended sudo rule with variant for USER field 2019-10-15 14:55:09 +02:00
Florian Roth
96d77447d2 rule: added reference and mitre tags 2019-10-15 09:44:17 +02:00
Florian Roth
49ed76004c rule: sudo priv esc vuln CVE-2019-14287 2019-10-15 09:39:08 +02:00
Galapag0s
1e4ef648db
Added Additional history clearing options 
history -w will clear the current shell history
shred purposely overwrites data replacing it with random data
 2019-09-26 12:53:13 -04:00
Galapag0s
ccdda5e82b
Update lnx_shell_priv_esc_prep.yml 2019-09-06 11:29:42 -04:00
Galapag0s
23021aa110
Added Sticky Bits 
Attackers may look to exploit binaries with the sticky bits enabled.  By being able to run a binary as a different user or group, they may be able to run separate commands as an elevated user.
 2019-09-06 11:25:48 -04:00
Florian Roth
f5a8a81ff7 fix: linux cmds rule 2019-07-02 15:22:26 +02:00
petermmm
b6c4e64a9b fixed attack category number 2->3 2019-05-12 11:59:13 +02:00
petermmm
2778558ae3 added rule .bash_profile and .bashrc T1156 2019-05-12 02:07:13 +02:00
Thomas Patzke
46c789105b Fix and ordering 2019-05-10 00:08:26 +02:00
patrick
ca4b710c01 Added Sigma Use Case detecting Privilege Escalation Preparation in Linux 2019-04-07 15:36:19 +02:00
Florian Roth
2b814011cd
Merge pull request #287 from P4T12ICK/feature/lnx-clear-cmd-history-signature 
Add new signature for linux clear command history
 2019-04-03 19:45:06 +02:00
Florian Roth
6cc1770351
Merge pull request #294 from Pr0t3an/patch-3 
Update lnx_shell_susp_rev_shells.yml
 2019-04-03 01:07:07 +02:00
Florian Roth
b76925f838 Rule: extending rule with /dev/udp 2019-04-02 20:09:13 +02:00
Pr0t3an
d067087632
Update lnx_shell_susp_rev_shells.yml 
added 
 - 'bash -i >& /dev/udp/'
        - 'sh -I >$ /dev/udp/'
        - 'sh -i   >$ /dev/tcp/'
 2019-04-02 18:22:18 +01:00
Florian Roth
5c5a16c4d5 Rule: adding xterm -display string to rule 2019-04-02 18:48:18 +02:00
Florian Roth
453bd10e6e Rule: Suspicious reverse shell command lines 2019-04-02 17:03:57 +02:00
Florian Roth
d06a5431eb
Changes 2019-04-01 14:03:54 +02:00
patrick
0242c40360 Add new signature for linux clear command history 2019-03-24 10:10:14 +01:00
Florian Roth
5092b1e603 Rule: removed overlapping strings in Linux rule 2019-02-05 16:12:07 +01:00
Florian Roth
32c098294f Rule: extended suspicious command lines 2019-02-05 15:58:15 +01:00
Florian Roth
b92c032c2d Linux JexBoss back connect shell 2018-11-08 23:21:36 +01:00
Florian Roth
6bde2cd08f
Update lnx_buffer_overflows.yml 2018-08-25 00:20:34 +02:00
Florian Roth
234a48af19 rule: Linux SSHD exploit CVE-2018-15473 
https://github.com/Rhynorater/CVE-2018-15473-Exploit
 2018-08-24 16:40:41 +02:00
Florian Roth
9e0abc5f0b Adjusted rules to the new specs reg "not null" usage 2018-06-28 09:30:31 +02:00
Alexandre ZANNI
74da324d8f
remove old public_html 
remove old public_html
 2018-05-29 11:44:38 +02:00
Alexandre ZANNI
a1de770b64
enhance web server paths 
- specify when it is apache only
- add Per-user path
- add archlinux paths
 2018-05-29 11:41:36 +02:00
Thomas Patzke
59eff939f2 Merge branch 'devel-sigmac' 2018-03-04 22:59:41 +01:00
Thomas Patzke
4792700726 Fixed rule 2018-03-04 22:07:01 +01:00
Florian Roth
b88a81a9e1 Rule: Linux > named > suspicious activity 2018-02-20 14:56:28 +01:00
Florian Roth
ef0cd4c110 Rules: Extended and fixed (*) sshd rules 2018-02-20 13:44:06 +01:00
SherifEldeeb
348728bdd9 Cleaning up empty list items 2018-01-28 02:36:39 +03:00
SherifEldeeb
48441962cc Change All "str" references to be "list"to mach schema update 2018-01-28 02:24:16 +03:00
SherifEldeeb
112a0939d7 Change "reference" to "references" to match new schema 2018-01-28 02:12:19 +03:00
Florian Roth
aca70e57ec Massive Title Cleanup 2018-01-27 10:57:30 +01:00
Florian Roth
f31ed7177e Added status 'experimental' to newly created auditd rules 2018-01-23 11:15:02 +01:00
Florian Roth
fe80ae7885 Rule: Linux auditd 'program execution in suspicious folders' 2018-01-23 11:13:23 +01:00
Florian Roth
228ca1b765 Rule: Linux auditd 'suspicious commands' 2018-01-23 11:13:23 +01:00
Thomas Patzke
5c465129bd Fixed rules 
* Replaced unspecified logsource attribute 'type' with 'category'
* Usage of service 'auth' for linux logs
 2017-09-11 00:35:52 +02:00
Thomas Patzke
f768bf3d61 Fixed parse errors 2017-08-02 22:49:15 +02:00
Florian Roth
fc4cd4036e Linux: Suspicious VSFTPD errors 2017-07-05 18:59:51 -06:00
Florian Roth
ead63fbf75 Linux: Suspicious SSHD errors 2017-06-30 08:47:56 +02:00
Florian Roth
004fed24e0 Linux Generic Rules 2017-05-02 20:32:38 +02:00
Florian Roth
67d9c44bb3 Improved linux suspicious activity rule 2017-03-27 15:21:39 +02:00