 Terrance DeJesus
|
d2791bf29a
|
[New Rule] Toolshell Exploit Chain Detections (#4928)
* adding toolshell attack chain rules for exploit and RCE
* updated query
* added references
* fixed references; linted
* Update rules/network/execution_potential_rce_via_toolshell.toml
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
* Update rules/network/initial_access_potential_toolshell_exploit_attempt.toml
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
* changed to BBR; lowered severity; adjusted queries
* Update rules_building_block/execution_potential_rce_via_toolshell.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* Update rules_building_block/execution_potential_rce_via_toolshell.toml
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
* fixed from and interval failures
* changed file name
---------
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>
|
2025-08-29 15:17:52 -04:00 |
|