Potential CommandLine Confusion Via Path Escape Abuse

Rule Info

Tags
attack.defense_evasion
Modified
2023-03-16 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Name
Potential CommandLine Confusion Via Path Escape Abuse
Description
Detects additional path escapes in the commandline, which could be a sign of obfuscation or defense evasion in order to confuse commandline logging
Date
2023-02-28 00:00:00
Id
376e5108-02e6-4f89-98bf-8be09b97616a
Type
Nextron Sigma feed only (private)

Rule History