Potential PowerShell Execution Policy Tampering

Rule Info

Name
Potential PowerShell Execution Policy Tampering
Description
Detects changes to the PowerShell execution policy in order to bypass signing requirements for script execution
Modified
None
Date
2023-01-11 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.defense_evasion DEMO
Id
fad91067-08c5-4d1a-8d8c-d96a21b37814
Type
Community Rule

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
fix: apply suggestions from code review
2023-01-12
Nasreddine Bencherchali
fix: more fp and duplicate id
2023-01-11
Nasreddine Bencherchali
fix: fp and add related fields
2023-01-11
Nasreddine Bencherchali
feat: new rules related to appx packages
2023-01-11