Standard User In High Privileged Group

Rule Info

Name
Standard User In High Privileged Group
Description
Detect standard users login that are part of high privileged groups such as the Administrator group
Reference
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
Modified
None
Date
2023-01-13 00:00:00
Author
frack113
Tags
attack.credential_access DEMO attack.privilege_escalation
Id
7ac407cc-0f48-4328-aede-de1d2e6fef41
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=7ac407cc-0f48-4328-aede-de1d2e6fef41

Rule History

Author
Commit
Title
Date
Wagga
273fdb998
fix: typos in multiple rules (#4011)
2023-02-06
Nasreddine Bencherchali
c7f1f52b7
fix: apply suggestions from code review
2023-01-13
frack113
c6942cba6
Add lsa-server
2023-01-13
frack113
deeac89f3
Add lsa-server
2023-01-13
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022