security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e57cf31867bd074098cae6a52d606d86310aa32d
sigma-rules/detection_rules
T
History
Samirbous ca7a148f5a [New rule] Remote Computer Account DnsHostName Update (#1962) 
* [New rule] Remote Computer Account DnsHostName Update

Identifies remote update to a computer account DnsHostName attribute, if the new value is set a valid domain controller DNS hostname and the subject computer name is not a domain controller then it's high likely a preparation step to exploit CVE-2022-26923 in an attempt to elevate privileges from a standard domain user to domain admin privileges :

* added MS ref url

* Update rules/windows/privilege_escalation_suspicious_dnshostname_update.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

* Update rules/windows/privilege_escalation_suspicious_dnshostname_update.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

(cherry picked from commit 19ff825a91)
2022-05-11 17:42:44 +00:00
..
etc
[New rule] Remote Computer Account DnsHostName Update (#1962)
2022-05-11 17:42:44 +00:00
schemas
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 20:32:29 +00:00
__init__.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
__main__.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
attack.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
beats.py
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
cli_utils.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
devtools.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 20:32:29 +00:00
docs.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
ecs.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
eswrap.py
Update elasticsearch dependency to 8.1 (#1911)
2022-04-06 19:54:26 +00:00
ghwrap.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
kbwrap.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
main.py
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
mappings.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
misc.py
Remove deprecated elasticsearch parameter (#1913)
2022-04-12 20:08:06 +00:00
mixins.py
Validate version lock and deprecation files on load and save (#1884)
2022-04-27 06:19:24 +00:00
ml.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
navigator.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
packaging.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
rule_formatter.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
rule_loader.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 20:32:29 +00:00
rule_validators.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
rule.py
Expand timestamp override tests (#1907)
2022-04-01 23:28:54 +00:00
semver.py
Linux Shell Evasion Rule Tuning (#1878)
2022-03-29 21:03:35 -04:00
utils.py
Move etc under detection_rules (#1885)
2022-05-02 14:13:36 +00:00
version_lock.py
Add delta command to determine changes to endpoint rules between tags (#1943)
2022-05-03 20:32:29 +00:00