public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 04:32:24 +02:00
Code Issues Projects Releases Wiki Activity

Add sigma ref Detection (#272)

Browse Source 
* Add sigma ref

* Add missing sigma ref

* Fix sigma link

* Remove by Defender

* Remove by Defender
This commit is contained in:
frack113
2022-12-29 15:51:15 +01:00
committed by GitHub
parent 8ff159abb7
commit 1072d3dc34
18 changed files with 23 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
yml/OtherMSBinaries/AccCheckConsole.yml
View File

@@ -26,6 +26,7 @@ Full_Path:
Code_Sample:
- Code: https://docs.microsoft.com/en-us/windows/win32/winauto/custom-verification-routines
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/19396788dbedc57249a46efed2bb1927abc376d4/rules/windows/process_creation/proc_creation_win_lolbin_susp_acccheckconsole.yml
- IOC: Sysmon Event ID 1 - Process Creation
- Analysis: https://gist.github.com/bohops/2444129419c8acf837aedda5f0e7f340
Resources: