Potential Wazuh Security Platform DLL Sideloading

Rule Info

Tags: DEMO attack.defense_evasion attack.privilege_escalation attack.t1574.002 attack.persistence attack.t1574.001
Modified: 2023-03-15 00:00:00
Author: X__Junior
Name: Potential Wazuh Security Platform DLL Sideloading
Description: Detects potential DLL sideloading of DLLs that are part of the Wazuh security platform
Date: 2023-03-13 00:00:00
Id: db77ce78-7e28-4188-9337-cf30e2b3ba9f
Type: Community Rule

Rule History

| Commit | Date | Author | Title |
|---|---|---|---|
| | 2023-03-15 | Nasreddine Bencherchali | chore: increase level of some sideloading rules |
| | 2023-03-14 | Mohamed Ashraf | Update rules/windows/image_load/image_load_side_load_wazuh.yml |
| | 2023-03-13 | Nasreddine Bencherchali | fix: improve metadata |
| | 2023-03-13 | Nasreddine Bencherchali | fix: fp |
| | 2023-03-13 | Mohamed Ashraf (X__Junior) | new rules related to possible dll sideloading |