Potential Exploitation Attempt Of Undocumented WindowsServer RCE

Rule Info

Name
Potential Exploitation Attempt Of Undocumented WindowsServer RCE
Description
Detects potential exploitation attempt of undocumented Windows Server Pre Auth Remote Code Execution (RCE)
Reference
https://twitter.com/YanZiShuang/status/1616777483646533632?s=20&t=TQT9tUuPbQJai4v6HtsOQw
Modified
None
Date
2023-01-21 00:00:00
Author
Florian Roth (Nextron Systems), Nasreddine Bencherchali
Tags
DEMO
Id
6d5b8176-d87d-4402-8af4-53aee9db7b5d
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=6d5b8176-d87d-4402-8af4-53aee9db7b5d

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Florian Roth
e95f0d03b
doc: adding another reference
2023-01-22
Florian Roth
f2d633ad1
docs: authors extended
2023-01-22
Nasreddine Bencherchali
f1c911241
fix: update filename
2023-01-22
Nasreddine Bencherchali
a530e7ad3
fix: add more detail
2023-01-22
Florian Roth
52a4985dc
rule: susp svchost sub process
2023-01-21
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022