Insecure Proxy/DOH Transfer Via Curl.EXE

Rule Info

Name
Insecure Proxy/DOH Transfer Via Curl.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of "curl.exe" with the "insecure" flag over proxy or DOH.
Reference
https://curl.se/docs/manpage.html
Date
2023-07-27 00:00:00
Modified
None
Id
2c1486f5-02e8-4f86-9099-b97f2da4ed77
Tags
attack.execution
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=2c1486f5-02e8-4f86-9099-b97f2da4ed77

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4867 from @nasbench - Promote older rules status from `experimental` to `test`
2024-06-03
d84959e50
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-07-31
e69daf27a
Nasreddine Bencherchali
fix: duplicate ids and missing selections
2023-07-27
9a73c3355
Nasreddine Bencherchali
feat: update curl & wget rules
2023-07-27
1d10fd8d5
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-07-24
ad0d3f58a
Nasreddine Bencherchali
feat: add more rules
2023-07-20
73f44e61d
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022