public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into windows_11_sprint

Browse Source
This commit is contained in:
Wietze
2021-12-14 17:39:36 +00:00
committed by GitHub
parent e51caad3dd 7b208e8021
commit 52302853c9
9 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
yml/OSBinaries/ConfigSecurityPolicy.yml
View File

@@ -16,6 +16,7 @@ Full_Path:
Code_Sample:
- Code:
Detection:
- Sigma: https://github.com/SigmaHQ/sigma/blob/5e57e476c29980800dcc88a7a001ddb75d21a58b/rules/windows/process_creation/win_pc_lolbas_configsecuritypolicy.yml
- IOC: ConfigSecurityPolicy storing data into alternate data streams.
- IOC: Preventing/Detecting ConfigSecurityPolicy with non-RFC1918 addresses by Network IPS/IDS.
- IOC: Monitor process creation for non-SYSTEM and non-LOCAL SERVICE accounts launching ConfigSecurityPolicy.exe.