BlueTeamOps
Hi there, I have executed CONFIGURE_UBUNTU20LTS.bash. During execution I get the following error "./configure: line 6780: 0: command not found" but the script goes through. When I run make install...
Following yml files were added to the blocklist: cloud/azure/azure_aad_secops_signin_failure_bad_password_threshold.yml, web/web_multiple_susp_resp_codes_single_source.yml
List all the disabled security products using Windows Security Center
Identifies default named pipes used by most popular post exploitation frameworks and sysadmin tools
Updated proc_creation_win_iis_service_account_password_dumped.yml to include additional detection logic based on latest intel.
I had recently written an article regarding Dev Tunnels https://medium.com/@blueteamops/detecting-dev-tunnels-16f0994dc3e2. This is the Sigma rule that was developed to detect its activity on hosts using process creation events. ### Changelog...
Hi Roberto, I have started doing simulation in M365. So this is batch 1 of many contributions that you will see in the coming weeks. Please note that I have...
Hey David, This is an awesome tool. However, I just did a POC test with a WMI persistence on a VM and your script did not pick up the persistence....