Commit Graph

129 Commits

Author SHA1 Message Date
frack113
abcaf00aee
Merge pull request #1818 from frack113/split_1802_net
Correct lists with only 1 value
2021-08-13 10:17:24 +02:00
Florian Roth
852d7a8b22
fix: typo in description 2021-08-12 10:11:17 +02:00
Florian Roth
a9ad4eda4a
rules: ProxyShell refactoring and new rule 2021-08-09 17:57:34 +02:00
frack113
fc64b8b937 Split PR 1802 fix net rules 2021-08-09 17:23:15 +02:00
Florian Roth
af1e43f3c1
more generic 2021-08-08 23:05:56 +02:00
Florian Roth
a80f9f280c
refactor: feedback from Rich Warren 2021-08-08 23:05:23 +02:00
Florian Roth
5443298092
rule: ProxyShell improved 2021-08-08 18:52:49 +02:00
Florian Roth
0a8904a61e
fix: issues with new rule 2021-08-07 10:10:12 +02:00
Florian Roth
1ac49a2055
rule: ProxyShell patterns 2021-08-07 09:22:24 +02:00
G Y
544ec5861b
Update web_nginx_core_dump.yml
Fixed typo in description field.
2021-07-03 10:39:37 +08:00
Florian Roth
f438039af9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-07-01 09:49:01 +02:00
Sittikorn S
c9ce298b2e
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml
remove http response
2021-06-29 17:49:01 +07:00
Sittikorn S
14d1c68cc8
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 15:19:22 +07:00
Sittikorn S
67f483e6a9
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 14:17:27 +07:00
Sittikorn S
c446c519cf
Update web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:59:08 +07:00
Sittikorn S
f3c1d78615
Create web_cve_2021_22893_pulse_secure_rce_exploit.yml 2021-06-29 13:56:30 +07:00
Florian Roth
ab73dd4dd6 rule: nginx core dump 2021-05-31 10:49:42 +02:00
Florian Roth
02323043d7 Create web_cve_2021_26814_wzuh_rce.yml 2021-05-22 15:45:38 +02:00
Florian Roth
3cf1be9e8d rule: exchange vulnerability CVE-2021-28480 2021-05-14 10:08:41 +02:00
Josh Brower
af09dd8e3c
Clean up: Webshell ReGeorg Detection 2021-04-05 13:01:10 -04:00
Florian Roth
428db0c74a
Merge pull request #1382 from d4rk-d4nph3/master
Added rule for CVE-2021-21978 in VMware View Planner
2021-03-29 11:22:56 +02:00
Bhabesh Rai
a58c5ed7cc Added rule for CVE-2021-21978 in VMware View Planner 2021-03-10 18:05:15 +05:45
Florian Roth
dca5c870d7
Merge pull request #1374 from hieuttmmo/master
Detect HAFNIUM operations
2021-03-09 09:16:52 +01:00
Florian Roth
62b65a3578
Merge pull request #1375 from SigmaHQ/rule-devel
fix: description
2021-03-04 17:35:53 +01:00
Florian Roth
bea2f226c6 fix: description 2021-03-04 17:35:25 +01:00
Tran Trung Hieu
5f74a58081 Detect HAFNIUM operations 2021-03-04 00:01:54 +07:00
Florian Roth
9e921115bc
Merge pull request #1373 from SigmaHQ/rule-devel
HAFNIUM rule
2021-03-03 10:34:08 +01:00
Florian Roth
d8ded5ebdc refactor: changed symbols after feedback from Volexity 2021-03-03 10:15:45 +01:00
Florian Roth
e17986ebd3 rule: HAFNIUM Exchange exploitation 2021-03-03 09:58:43 +01:00
Florian Roth
73a3a1e5cd
Merge pull request #1360 from d4rk-d4nph3/master
Added sigma rule for vSphere RCE CVE-2021-21972
2021-03-03 09:32:05 +01:00
Florian Roth
8c95f90075
Update web_vsphere_cve_2021_21972_unauth_rce_exploit.yml 2021-03-03 09:08:24 +01:00
Bhabesh Rai
e1dff01cea Added sigma rule for vSphere RCE CVE-2021-21972 2021-02-24 23:48:08 +05:45
Florian Roth
96803a5a27
Merge pull request #1355 from Neo23x0/rule-devel
Rule devel
2021-02-22 17:46:21 +01:00
Florian Roth
aea03076c2 rule: simplified rule 2021-02-22 17:19:14 +01:00
Florian Roth
43b2ad580f rule: DEWMODE webshell 2021-02-22 17:15:32 +01:00
Florian Roth
f62fc2e889
Merge pull request #1341 from d4rk-d4nph3/master
Added rule for TerraMaster TOS CVE-2020-28188
2021-02-18 11:17:48 +01:00
Bhabesh Rai
a8d33171d7 Fixed c-uri 2021-02-02 10:23:47 +05:45
Florian Roth
6b9eef58da
Merge pull request #1338 from Neo23x0/rule-devel
Improved UNC2452 activity rules
2021-01-25 14:36:44 +01:00
Florian Roth
a4bec724a6 rule: SonicWall exploitation 2021-01-25 11:54:23 +01:00
Bhabesh Rai
465ab713b0 Added rule for TerraMaster TOS CVE-2020-28188 2021-01-25 13:01:27 +05:45
Bhabesh Rai
dac229a8bb Added rule for Oracle WebLogic Exploit CVE-2021-2109 2021-01-20 14:28:18 +05:45
Florian Roth
30dcc28a1f Cisco ASA FTD Exploit CVE-2020-3452 2021-01-07 13:17:58 +01:00
Florian Roth
0a83f91386
Merge pull request #1321 from d4rk-d4nph3/master
Fixed typo in file format
2020-12-28 09:13:48 +01:00
Bhabesh Rai
bf77c8266a Fixed typo in file format 2020-12-28 11:46:02 +05:45
Florian Roth
896fc21911
Merge pull request #1320 from d4rk-d4nph3/master
Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass
2020-12-27 20:37:36 +01:00
Florian Roth
a6212a4490
style: some minor style changes 2020-12-27 20:06:19 +01:00
Bhabesh Rai
1cfad987b0 Added rule for CVE-2020-10148 SolarWinds Orion API Authentication Bypass 2020-12-27 17:34:49 +05:45
Florian Roth
821af35557
Merge pull request #1313 from Neo23x0/rule-devel
Rule devel
2020-12-23 13:57:11 +01:00
Florian Roth
e67d17a967 rule: improved solarwinds webshell rule 2020-12-22 10:36:34 +01:00
Florian Roth
e78d7e6aee
Merge pull request #1296 from mat-gas/fix-references
fix "references" field + add test for references in plural form
2020-12-21 18:25:35 +01:00