Potential Signing Bypass Via Windows Developer Features - Registry

Rule Info

Name
Potential Signing Bypass Via Windows Developer Features - Registry
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects when the enablement of developer features such as "Developer Mode" or "Application Sideloading". Which allows the user to install untrusted packages.
Reference
https://twitter.com/malmoeb/status/1560536653709598721
Date
2023-01-12 00:00:00
Modified
2023-08-17 00:00:00
Id
b110ebaf-697f-4da1-afd5-b536fa27a2c1
Tags
attack.defense-evasion
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=b110ebaf-697f-4da1-afd5-b536fa27a2c1

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
47085e948
frack113
Refractor registry_set rules
2023-08-17
bb2aea7c4
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
feat: add new reg variant of dev mode
2023-01-12
90c1e45d8
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022