security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2022-11-03 09:39:48 +01:00
parent 1d37ec5f74
commit 5ee9428e59
6 changed files with 46 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_module/posh_pm_alternate_powershell_hosts.yml
+2
View File
@@ -28,6 +28,8 @@ detection:
# In some cases powershell was invoked with inverted slashes
- '= C:/Windows/System32/WindowsPowerShell/v1.0/powershell'
- '= C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell'
# When MSDT is launched
- '= C:\WINDOWS\System32\sdiagnhost.exe -Embedding '
filter_citrix:
ContextInfo|contains: 'ConfigSyncRun.exe'
filter_adace: # Active Directory Administrative Center Enhancements