Rule Info
Name
Uncommon Process Access Rights For Target Image
Author
Nasreddine Bencherchali (Nextron Systems), frack113
Description
Detects process access request to uncommon target images with a "PROCESS_ALL_ACCESS" access mask.
Reference
Date
2024-05-27 00:00:00
Modified
None
Id
a24e5861-c6ca-4fde-a93c-ba9256feddf0
Tags
attack.defense-evasion attack.privilege-escalation attack.t1055.011
Type
Community Rule
Link to Public Repo