VMMap Signed Dbghelp.DLL Potential Sideloading

Rule Info

Name: VMMap Signed Dbghelp.DLL Potential Sideloading
Author: Nasreddine Bencherchali (Nextron Systems)
Description: Detects potential DLL sideloading of a signed dbghelp.dll by the Sysinternals VMMap.
Date: 2023-09-05 00:00:00
Modified: None
Id: 98ffaed4-aec2-4e04-9b07-31492fe68b3d
Tags: attack.defense-evasion, attack.persistence, attack.privilege-escalation, attack.t1574.001, attack.t1574.002, DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| github-actions[bot] | Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test` | 2024-07-01 | |
| Nasreddine Bencherchali | Merge PR #4406 from @nasbench - Multiple Updates & Additions | 2023-09-07 | |
| Nasreddine Bencherchali | feat: more updates | 2023-07-28 | |