security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3928 from jkb-s/patch-2

Browse Source 
Fix `filepath` parameter
This commit is contained in:
Nasreddine Bencherchali
2023-01-16 11:10:01 +01:00
committed by GitHub
parent 2b0b680775 09731e8547
commit 592ec21129
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_import_cert_susp_locations.yml
+2 -2
View File
@@ -7,7 +7,7 @@ references:
- https://docs.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2022-ps
author: Nasreddine Bencherchali
date: 2022/09/09
modified: 2022/12/29
modified: 2023/01/16
tags:
- attack.defense_evasion
- attack.t1553.004
@@ -18,7 +18,7 @@ detection:
selection:
CommandLine|contains|all:
- 'Import-Certificate'
- ' -File-Path '
- ' -FilePath '
- 'Cert:\LocalMachine\Root'
CommandLine|contains:
- '\AppData\Local\Temp\'