security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sysmon_abusing_debug_privilege.yml

Browse Source 
NT AUTHORITY\SYSTEM
This commit is contained in:
Semanur Guneysu
2020-10-26 14:56:25 +03:00
parent 3ff10b160f
commit cb5a541a5e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/sysmon_abusing_debug_privilege.yml
+1 -1
View File
@@ -28,7 +28,7 @@ detection:
- '\powershell.exe'
- '\cmd.exe'
selection3:
User: 'NT AUTHORITY\\SYSTEM'
User: 'NT AUTHORITY\SYSTEM'
filter:
CommandLine|contains|all:
- ' route ADD '