security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

LiquidSnake named pipe

Browse Source
This commit is contained in:
Florian Roth
2021-09-01 13:54:47 +02:00
parent f102b2d9a1
commit affc929c3b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/pipe_created/sysmon_mal_namedpipes.yml
+1
View File
@@ -34,6 +34,7 @@ detection:
- '\Posh*' #PoshC2 default
- '\jaccdpqnvbrrxlaf' #PoshC2 default
- '\csexecsvc' #CSEXEC default
- '\6e7645c4-32c5-4fe3-aabf-e94c2f4370e7' # LiquidSnake https://github.com/RiccardoAncarani/LiquidSnake
condition: selection
tags:
- attack.defense_evasion