Potential Exploitation Attempt Of Undocumented WindowsServer RCE

Rule Info

Name
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Description
Detects potential exploitation attempt of undocumented Windows Server Pre Auth Remote Code Execution (RCE)
Modified
None
Date
2023-01-21 00:00:00
Author
Florian Roth (Nextron Systems), Nasreddine Bencherchali
Tags
DEMO
Id
6d5b8176-d87d-4402-8af4-53aee9db7b5d
Type
Community Rule

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
Florian Roth
doc: adding another reference
2023-01-22
Florian Roth
docs: authors extended
2023-01-22
Nasreddine Bencherchali
fix: update filename
2023-01-22
Nasreddine Bencherchali
fix: add more detail
2023-01-22
Florian Roth
rule: susp svchost sub process
2023-01-21