security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4989d43ae97015f8113aed2efcd49d288b8fec21
blue-team-tools/rules/linux/builtin/lnx_buffer_overflows.yml
T
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag
2023-02-01 11:14:59 +01:00

24 lines
712 B
YAML
Raw Blame History

title: Buffer Overflow Attempts
id: 18b042f0-2ecd-4b6e-9f8d-aa7a7e7de781
status: stable
description: Detects buffer overflow attempts in Unix system log files
references:
- https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/attack_rules.xml
author: Florian Roth (Nextron Systems)
date: 2017/03/01
tags:
- attack.t1068
- attack.privilege_escalation
logsource:
product: linux
detection:
keywords:
- 'attempt to execute code on stack by'
- 'FTP LOGIN FROM .* 0bin0sh'
- 'rpc.statd[\d+]: gethostbyname error for'
- 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
condition: keywords
falsepositives:
- Unknown
level: high
Reference in New Issue View Git Blame Copy Permalink