Potential Signing Bypass Via Windows Developer Features

Rule Info

Name
Potential Signing Bypass Via Windows Developer Features
Description
Detects when a user enable developer features such as "Developer Mode" or "Application Sideloading". Which allows the user to install untrusted packages.
Reference
Internal Research
Modified
None
Date
2023-01-11 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.defense_evasion DEMO
Id
a383dec4-deec-4e6e-913b-ed9249670848
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=a383dec4-deec-4e6e-913b-ed9249670848

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
90c1e45d8
feat: add new reg variant of dev mode
2023-01-12
Nasreddine Bencherchali
debd658aa
feat: new rules related to appx packages
2023-01-11
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022