Malicious PowerShell Scripts - PoshModule

Rule Info

Name
Malicious PowerShell Scripts - PoshModule
Author
frack113, Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of known offensive powershell scripts used for exploitation or reconnaissance
Reference
https://github.com/PowerShellMafia/PowerSploit
Date
2023-01-23 00:00:00
Modified
2024-01-25 00:00:00
Id
41025fd7-0466-4650-a813-574aaacbe7f4
Tags
attack.execution attack.t1059.001 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=41025fd7-0466-4650-a813-574aaacbe7f4

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4681 from @nasbench - Add Missing Ref & Tags
2024-01-29
be359ef3f
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01
ae960f088
Nasreddine Bencherchali
feat: new rules, updates and goofy guineapig stuff (#4229)
2023-05-15
0cb01970e
Nasreddine Bencherchali
fix: fp found in testing
2023-01-24
9a03e4e13
Nasreddine Bencherchali
fix: optimize "Invoke-Sharp" coverage
2023-01-21
dfdc232f5
Nasreddine Bencherchali
feat: update and merge some pwsh rules
2023-01-20
ea536c33b
Nasreddine Bencherchali
feat: new rules and updates
2023-01-17
85fb255bc
Nasreddine Bencherchali
feat: updates and enhancements
2023-01-10
81f75c1d2
Nasreddine Bencherchali
feat: updates and enhancements
2023-01-06
7e73028c5
Nasreddine Bencherchali
feat: updates and enhancements
2023-01-04
711ba956e
Nasreddine Bencherchali
feat: updates and enhancements
2023-01-02
a99b5082e
Nasreddine Bencherchali
fix: rename links from old repo to SigmaHQ
2022-12-27
a25027fef
gs3cl
Gs3cl patch 1 (#3753)
2022-12-05
122cb47d7
Mustafa Kaan Demir
DomainPasswordSpray Attacks Rule
2022-10-29
27822a082
frack113
Order yaml field
2022-10-26
fac673282
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022