security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix modified

Browse Source
This commit is contained in:
frack113
2021-11-11 10:26:08 +01:00
parent c682c12ecf
commit c2ef681e86
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/linux/auditd/lnx_auditd_omigod_scx_runasprovider_executeshellcommand.yml
+1 -1
View File
@@ -3,7 +3,7 @@ id: 045b5f9c-49f7-4419-a236-9854fb3c827a
description: Rule to detect the use of the SCX RunAsProvider Invoke_ExecuteShellCommand to execute any UNIX/Linux command using the /bin/sh shell. SCXcore, started as the Microsoft Operations Manager UNIX/Linux Agent, is now used in a host of products including Microsoft Operations Manager. Microsoft Azure, and Microsoft Operations Management Suite.
status: experimental
date: 2021/09/17
modified: 2021/11/11
modified: 2021/11/11
author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
tags:
- attack.privilege_escalation