Update rules-threat-hunting/windows/powershell/powershell_script/posh_ps_win_api_library_access.yml

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
This commit is contained in:
Nasreddine Bencherchali
2023-07-31 12:29:16 +02:00
committed by GitHub
parent e69daf27a1
commit dae7fff209
@@ -8,7 +8,7 @@ related:
- id: 19d65a1c-8540-4140-8062-8eb00db0bba5
type: similar
status: experimental
description: Detects calls to WinAPI functions from PowerShell scripts. Attackers can often leverage these API to avoid detection based on typical PowerShell function calls. Use this rule as a basis to hunt for interesting scripts.
description: Detects calls to WinAPI functions from PowerShell scripts. Attackers can often leverage these APIs to avoid detection based on typical PowerShell function calls. Use this rule as a basis to hunt for interesting scripts.
references:
- https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse
author: Nikita Nazarov, oscd.community, Nasreddine Bencherchali (Nextron Systems)
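Review bot: The grammar fix ("these API" to "these APIs") is correct, but the description still does not say what the rule looks for in the script block, so a hunter reading only the description cannot tell what "calls to WinAPI functions" matches; consider naming the pattern the detection keys on (for example the P/Invoke or Add-Type construct it selects) in the same sentence. Also, since this hunk edits only `description`, check whether the repository convention expects the `modified` date to be bumped for a wording-only change; that field lies outside the visible hunk.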