security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80098113d06750ddb9ab275d7df1049f88d4ea7c
blue-team-tools/rules/web/web_cve_2020_0688_exchange_exploit.yml
T
Nasreddine Bencherchali f527b8eb4c Rename Web CVE Rules 
Renamed WEB CVE rules to the format "web_cve_20XX_XXXX_rest_of_name"
2022-06-14 19:22:26 +01:00

25 lines
537 B
YAML
Raw Blame History

title: CVE-2020-0688 Exploitation Attempt
id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a
status: test
description: Detects CVE-2020-0688 Exploitation attempts
author: NVISO
references:
- https://github.com/Ridter/cve-2020-0688
date: 2020/02/27
modified: 2021/11/27
logsource:
category: webserver
detection:
selection:
c-uri|contains|all:
- '/ecp/default.aspx'
- '__VIEWSTATEGENERATOR='
- '__VIEWSTATE='
condition: selection
falsepositives:
- Unknown
level: high
tags:
- attack.initial_access
- attack.t1190
Reference in New Issue View Git Blame Copy Permalink