Uncommon Process Access Rights For Target Image

Rule Info

Name
Uncommon Process Access Rights For Target Image
Author
Nasreddine Bencherchali (Nextron Systems), frack113
Description
Detects process access requests to uncommon target images with a "PROCESS_ALL_ACCESS" access mask.
Date
2024-05-27 00:00:00
Modified
None
Id
a24e5861-c6ca-4fde-a93c-ba9256feddf0
Tags
attack.defense-evasion attack.privilege-escalation attack.t1055.011
Type
Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| Nasreddine Bencherchali | Merge PR #4950 from @nasbench - Comply With v2 Spec Changes | 2024-08-12 | |
| frack113 | Merge PR #4862 from @frack113 - Add `Uncommon Process Access Rights For Target Image` | 2024-05-27 | |