security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4e9ef005c2906b6d5b1de02e51affe733477e7c6
blue-team-tools/rules/linux/builtin/lnx_buffer_overflows.yml
T
Nasreddine Bencherchali 598d29f811 Merge PR #4950 from @nasbench - Comply With v2 Spec Changes 
chore: change tags, date, modified fields to comply with v2 of the Sigma spec.
chore: update the related type from `obsoletes` to `obsolete`.
chore: update local json schema to the latest version.
2024-08-12 12:02:50 +02:00

24 lines
712 B
YAML
Raw Blame History

title: Buffer Overflow Attempts
id: 18b042f0-2ecd-4b6e-9f8d-aa7a7e7de781
status: stable
description: Detects buffer overflow attempts in Unix system log files
references:
- https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/attack_rules.xml
author: Florian Roth (Nextron Systems)
date: 2017-03-01
tags:
- attack.t1068
- attack.privilege-escalation
logsource:
product: linux
detection:
keywords:
- 'attempt to execute code on stack by'
- 'FTP LOGIN FROM .* 0bin0sh'
- 'rpc.statd[\d+]: gethostbyname error for'
- 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
condition: keywords
falsepositives:
- Unknown
level: high
Reference in New Issue View Git Blame Copy Permalink