security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: change keyword and bound it to a field

Browse Source
This commit is contained in:
Karneades
2019-10-29 19:59:43 +01:00
parent 632c45843b
commit ab5556ae8c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/powershell/powershell_suspicious_keywords.yml
+2 -1
View File
@@ -14,7 +14,8 @@ logsource:
definition: 'It is recommended to use the new "Script Block Logging" of PowerShell v5 https://adsecurity.org/?p=2277'
detection:
keywords:
- System.Reflection.Assembly.Load
Message:
- "*[System.Reflection.Assembly]::Load*"
condition: keywords
falsepositives:
- Penetration tests