4188efbe70
Merge pull request 'Addition of the X customization to DeepBlueHash' (#1) from modifs into master
...
Reviewed-on: #1
2025-07-07 14:09:29 +00:00
48a8d826e9
Addition of the X customization to DeepBlueHash
2025-07-07 16:02:16 +02:00
2eecc65698
New Sliver and Metasploit EVTX files including cmd.exe writing to ADMIN$, and suspicious remote threads
2023-06-28 16:33:55 -04:00
8e510aaaef
Update safelist.txt
2023-06-28 16:21:07 -04:00
50d2ca9ef9
Added Sysmon event 8 (Suspicious remote thread)
2023-06-28 16:20:32 -04:00
ac1a9991fd
Added event 29, updated for new Sysmon schema
2023-06-28 14:21:01 -04:00
9e5979fca2
Update DeepBlueHash-checker.ps1
2023-06-28 13:30:16 -04:00
e9fc13a57b
Update README-DeepBlueHash.md
2023-06-28 13:29:22 -04:00
7fb41280a2
Updated for VirusTotal key v3
2023-06-28 13:27:39 -04:00
41fe88f2e4
Update DeepBlueHash-collector.ps1
...
Updated for new Sysmon schema
2023-06-28 13:23:46 -04:00
3c8fa15e28
Update DeepBlueHash-checker.ps1
...
Updated for VirusTotal API key v3
2023-06-28 13:23:02 -04:00
cd3e304f27
Update README-DeepBlueHash.md
2023-06-27 17:18:20 -04:00
a99c412a73
Update README-DeepBlueHash.md
2023-06-27 14:37:24 -04:00
1699dfc5cf
Update README-DeepBlueHash.md
2023-06-27 14:37:10 -04:00
fc670716d6
Rename DeepWhite-collector.ps1 to DeepBlueHash-collector.ps1
2023-06-07 16:54:54 -04:00
ecbc203684
Rename DeepWhite-checker.ps1 to DeepBlueHash-checker.ps1
2023-06-07 16:54:36 -04:00
229010219a
More updates, including more WMI detection
2023-06-07 16:47:34 -04:00
79dd0e6b11
Minor fix
2023-06-07 16:34:15 -04:00
f35415586d
Updated for Sysmon schema 8
2023-06-07 16:17:34 -04:00
ce3c408efa
Minor version update
2023-06-07 16:06:15 -04:00
e07e5aa1de
Rename DeepBlueHash-checker.ps1 to DeepWhite-checker.ps1
...
Temp change to merge old pull request
2023-06-07 15:05:03 -04:00
9369182b49
Rename DeepBlueHash-collector.ps1 to DeepWhite-collector.ps1
...
Temp change to merge old pull request
2023-06-07 14:14:06 -04:00
9e51dd0579
Merge pull request #25 from netscylla/wmi-events
...
WMI events
2023-06-07 13:41:55 -04:00
2fc4fd599f
Merge pull request #27 from TheNiv/patch-1
...
Fixed Windows event log check.
2023-06-07 13:36:07 -04:00
120448c50e
s/White/BlueHash/g
2022-02-13 10:47:58 -05:00
115b4f30b2
Merge pull request #29 from sans-blue-team/Conrad-test
...
s/DeepWhite/DeepBlueHash
2022-01-05 13:51:00 -05:00
0f6a93b2f0
s/DeepWhite/DeepBlueHash
2022-01-05 13:48:58 -05:00
eebd75d029
Merge pull request #28 from n3tl0kr/patch-1
...
Small typographical error in output
2021-11-11 11:11:18 -05:00
f5b844cb1a
Small typographical error in output
2021-11-11 11:10:04 -05:00
ea97820b79
Fixed Windows event log check.
...
The output of the start/stop Windows event log service check was not correct.
After running the script on the sample file disablestop-eventlog.evtx, I noticed that the output was not correct and found out that it is actually the third parameter that should be checked instead of the second.
2021-11-06 10:11:03 +02:00
cf9411f721
Added another base64 encoding method
2021-10-29 16:37:26 -04:00
e3bf84fe51
Added some ASEPs
2021-10-29 16:25:45 -04:00
45d62cbfbe
Was analyzing Sysmon event 1 image instead of CommandLine. Fixed
2021-10-29 16:17:25 -04:00
350fe3c134
Added # of unique accounts sprayed
2021-10-28 15:15:27 -04:00
d7d8d5eb80
s/Passworg/Password/g
2021-10-28 14:57:37 -04:00
5f2a62cd9c
s/DeepBlueCLI/DeepWhite/g
2021-10-28 12:22:13 -04:00
46fe6b42c5
s/antivrus/antivirus/g
2021-10-28 12:20:45 -04:00
2ae82a296f
Added AV caveat
2021-10-28 12:17:05 -04:00
8b15218ae3
Merge pull request #26 from sans-blue-team/Conrad-test
...
Inclusive language update
2021-10-28 09:07:53 -07:00
15999a1243
Inclusive language update
2021-10-28 12:00:04 -04:00
62d25d9e76
Inclusive language update
2021-10-28 11:58:23 -04:00
46bb325e0d
Inclusive language update
2021-10-28 11:53:59 -04:00
0c7338dd38
Update DeepBlue.ps1
...
fixed indentation
2021-09-16 13:57:35 +01:00
ddb9e3e0fa
Added code to support flagging suspicious wmi filter events, also added sample log file
2021-09-16 13:55:34 +01:00
45c21e3821
Changing whitelist to ignorelist
2021-07-01 13:35:58 -04:00
396bbc4e28
Merge pull request #22 from zmbf0r3ns1cs/master
...
Update System EID 104 parsing output to correctly reflect the cleared log name
2021-05-06 19:11:11 +00:00
122d078efe
Update System EID 104 output for DeepBlue.ps1
...
Added functionality for DeepBlue.ps1 to pull the "message" field from the EVTX log for System EID 104 log-clearing events, so that the correct log file being cleared is shown.
2021-05-05 16:35:17 -04:00
c2a3840bae
Correct typo in DeepBlue.ps1 hidden service detect
2020-10-13 06:47:30 -04:00
3fae5dbef6
Update to catch services.exe DAC permission change to hide services
2020-09-14 16:37:59 -04:00
bc63790883
Report on cleared Security and System event logs, close #18
2020-09-10 11:08:47 -04:00