Potential Exploitation Attempt Of Undocumented WindowsServer RCE

Rule Info

Name
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Author
Florian Roth (Nextron Systems), Nasreddine Bencherchali
Description
Detects potential exploitation attempt of undocumented Windows Server Pre Auth Remote Code Execution (RCE)
Reference
https://github.com/SigmaHQ/sigma/pull/3946
Date
2023-01-21 00:00:00
Modified
None
Id
6d5b8176-d87d-4402-8af4-53aee9db7b5d
Tags
detection.emerging_threats attack.initial_access attack.t1190 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=6d5b8176-d87d-4402-8af4-53aee9db7b5d

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test`
2023-12-01
ae960f088
Tessa Georgen
Merge PR #4392 from @tjgeorgen - Update MITRE Tags
2023-08-28
60b8e9b70
frack113
Update tags
2023-06-20
8c5dba374
Nasreddine Bencherchali
chore: move rules to new folders (#4205)
2023-05-02
637d61088
Nasreddine Bencherchali
feat: updates and enhancements
2023-02-14
27aac9763
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Florian Roth
doc: adding another reference
2023-01-22
e95f0d03b
Florian Roth
docs: authors extended
2023-01-22
f2d633ad1
Nasreddine Bencherchali
fix: update filename
2023-01-22
f1c911241
Nasreddine Bencherchali
fix: add more detail
2023-01-22
a530e7ad3
Florian Roth
rule: susp svchost sub process
2023-01-21
52a4985dc
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022