Potential Recon Activity Using DriverQuery.EXE

Rule Info

Name: Potential Recon Activity Using DriverQuery.EXE
Description: Detect usage of the "driverquery" utility to perform reconnaissance on installed drivers
Modified: None
Date: 2023-01-19 00:00:00
Author: Nasreddine Bencherchali (Nextron Systems)
Tags: attack.discovery DEMO
Id: 9fc3072c-dc8f-4bf7-b231-18950000fadd
Type: Community Rule

Rule History

Author | Commit | Title | Date
Nasreddine Bencherchali | | chore: add nextron authors tag | 2023-02-01
Nasreddine Bencherchali | | fix: reposition selection for readability | 2023-01-20
Nasreddine Bencherchali | | fix: driverquery condition and selection | 2023-01-19
Nasreddine Bencherchali | | feat: new rules for driverquery | 2023-01-19