Rule Info
Name
Uncommon Process Access Rights For Target Image
Author
Nasreddine Bencherchali (Nextron Systems), frack113
Description
Detects process access request to uncommon target images with a "PROCESS_ALL_ACCESS" access mask.
Reference
Date
2024-05-27 00:00:00
Modified
None
Id
a24e5861-c6ca-4fde-a93c-ba9256feddf0
Tags
attack.defense_evasion attack.privilege_escalation attack.t1055.011 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
frack113
Merge PR #4862 from @frack113 - Add `Uncommon Process Access Rights For Target Image`
2024-05-27