Browser Execution In Headless Mode

Rule Info

Name
Browser Execution In Headless Mode
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of Chromium based browser in headless mode
Reference
https://twitter.com/mrd0x/status/1478234484881436672?s=12
Date
2023-09-12 00:00:00
Modified
None
Id
ef9dcfed-690c-4c5d-a9d1-482cd422225c
Tags
attack.command-and-control attack.t1105
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=ef9dcfed-690c-4c5d-a9d1-482cd422225c

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
Nasreddine Bencherchali
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04
e230acd7e
Nasreddine Bencherchali
feat: new rules, updates and goofy guineapig stuff (#4229)
2023-05-15
0cb01970e
Nasreddine Bencherchali
feat: rule updates
2023-04-12
e898abc01
Nasreddine Bencherchali
feat: more updates
2023-03-06
e3503d5d6
Nasreddine Bencherchali
feat: multiple fixes and updates
2023-02-21
63888f7a5
frack113
change status to test
2023-01-27
1033b3f40
frack113
Revert "Change status of old rules"
2023-01-26
cb67871bd
frack113
Change status of old rules
2023-01-25
5323fd4ba
frack113
order yaml
2022-10-28
1f8e37351
frack113
Add status
2022-05-15
f386440bb
phantinuss
fix: unknown --> Unknown
2022-03-16
b23eee6eb
frack113
Normalization of rule names
2022-02-22
8bb3379b6
Florian Roth
Update process_creation_headless_browser_file_download.yml
2022-01-04
8d8112f13
Florian Roth
fix: filename not according to standard
2022-01-04
acbce4f49
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022