security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ddddaf37dc34ac52a1ffbafe66978ec8c98e4277
sigma-rules/rules/cross-platform
T
History
Andrew Pease ddddaf37dc [New Rule] Sudo Heap-based Buffer Overflow Vulnerability Attempt (CVE-2021-3156) (#933) 
* initial commit

* adjusted title

* Update rules/cross-platform/privilege_escalation_sudo_buffer_overflow.toml

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>

* updates

* optimized

* added ""'s

* typo around "-s"

* added sudo reference

* changed to threshold

* Update rules/cross-platform/privilege_escalation_sudo_buffer_overflow.toml

* re-lint

Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
2021-02-09 15:02:04 -06:00
..
credential_access_cookies_chromium_browsers_debugging.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
defense_evasion_deleting_websvr_access_logs.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
discovery_security_software_grep.toml
[New Rule] Security Software Discovery using Grep (#743)
2021-01-26 19:57:26 +01:00
execution_pentest_eggshell_remote_admin_tool.toml
[New Rule] EggShell Backdoor Execution (#845)
2021-02-08 22:37:15 +01:00
execution_revershell_via_shell_cmd.toml
[New Rule] Potential Reverse Shell Activity via Terminal (#821)
2021-02-08 22:57:55 +01:00
execution_suspicious_jar_child_process.toml
[New Rule] Suspicious JAR Child Process (#887)
2021-02-08 09:48:48 -05:00
impact_hosts_file_modified.toml
[Rule Tuning] Add windows integration index to rules (#923)
2021-01-28 20:53:57 -09:00
initial_access_zoom_meeting_with_no_passcode.toml
Refresh beats and ecs schemas and default to use latest to validate (#570)
2020-12-01 13:24:20 -09:00
persistence_credential_access_modify_auth_module_or_config.toml
[New Rule] Modification of Standard Authentication Module or Configuration (#745)
2021-02-05 21:23:58 +01:00
persistence_ssh_authorized_keys_modification.toml
[New Rule] SSH Authorized Keys File Modification (#754)
2021-01-26 08:45:38 +01:00
privilege_escalation_echo_nopasswd_sudoers.toml
[New Rule] Privilege Elevation via Sudoers File Modification (#917)
2021-02-09 21:58:31 +01:00
privilege_escalation_setuid_setgid_bit_set_via_chmod.toml
[Rule Tuning] Setuid Bit Set via chmod and Setgid Bit Set via chmod (#875)
2021-02-04 16:29:53 +01:00
privilege_escalation_sudo_buffer_overflow.toml
[New Rule] Sudo Heap-based Buffer Overflow Vulnerability Attempt (CVE-2021-3156) (#933)
2021-02-09 15:02:04 -06:00
privilege_escalation_sudoers_file_mod.toml
[Rule Tuning] Sudoers File Modification (#873)
2021-02-03 17:57:40 +01:00