Potential CommandLine Confusion Via Path Escape Abuse

Rule Info

Name
Potential CommandLine Confusion Via Path Escape Abuse
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects additional path escapes in the commandline, which could be a sign of obfuscation or defense evasion in order to confuse commandline logging
Date
2023-02-28 00:00:00
Modified
2023-03-16 00:00:00
Id
376e5108-02e6-4f89-98bf-8be09b97616a
Tags
attack.defense_evasion
Type
Nextron Sigma feed only (private)

Rule History