Commit Graph

1 Commits

Author SHA1 Message Date
Samirbous 7978b3cc9e [New Rule] Potential JAVA/JNDI Exploitation Attempt (#1658)
* [New Rule] Potential JAVA/JNDI Exploitation Attempt

Identifies an outbound network connection by JAVA to LDAP, RMI or DNS standard ports followed by a suspicious JAVA child process. This may indicate an attempt to exploit a JAVA/DNI injection vulnerability.

* rule ID

* expanded JAVA/DNI to Java Naming and Directory Interface

* added ruby and php to list of suspchildprocs

* Update execution_suspicious_java_netcon_childproc.toml

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>

2021-12-10 16:06:30 -09:00