Potential Provisioning Registry Key Abuse For Binary Proxy Execution

Rule Info

Name
Potential Provisioning Registry Key Abuse For Binary Proxy Execution
Author
Nasreddine Bencherchali (Nextron Systems), Swachchhanda Shrawan Poudel
Description
Detects potential abuse of the provisioning registry key for indirect command execution through "Provlaunch.exe".
Reference
https://lolbas-project.github.io/lolbas/Binaries/Provlaunch/
Date
2023-08-08 00:00:00
Modified
None
Id
2a4b3e61-9d22-4e4a-b60f-6e8f0cde6f25
Tags
attack.defense-evasion attack.t1218
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=2a4b3e61-9d22-4e4a-b60f-6e8f0cde6f25

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
47085e948
phantinuss
fix: wording
2023-08-09
7beea4c52
Nasreddine Bencherchali
feat: updates and enhancements
2023-08-08
87b94ac16
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022