Sigma Rule Update (2023-12-22 20:07:32) (#559)
Co-authored-by: hach1yon <[email protected]>
github-actions[bot] and hach1yon authored Dec 22, 2023
1 parent 868624f commit 0b2f00d
Showing 2 changed files with 4 additions and 2 deletions.
Expand Up @@ -17,6 +17,7 @@ references:
- https://www.sans.org/blog/protecting-privileged-domain-accounts-lm-hashes-the-good-the-bad-and-the-ugly/
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/12/15
modified: 2023/12/22
tags:
- attack.defense_evasion
- attack.t1112
Expand All @@ -29,7 +30,7 @@ detection:
Channel: Security
selection:
CommandLine|contains|all:
- \System\CurrentControlSet\Control\Lsa\
- \System\CurrentControlSet\Control\Lsa
- NoLMHash
- ' 0'
condition: process_creation and selection
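Review bot: In the `selection` list, dropping the trailing backslash from `\System\CurrentControlSet\Control\Lsa\` means the pattern now matches any key under `Control` whose name merely starts with `Lsa`, not only the `Lsa` key itself. That looks like the right trade if the goal is to catch command lines that name the key with no trailing separator before the value name, and the `NoLMHash` term keeps the match narrow, but nothing in the rule records why the pattern was loosened. A one-line comment next to the entry, plus a test command line in each form (key followed by a space, key followed by `\NoLMHash`), would keep a later cleanup from restoring the backslash.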
Expand Up @@ -17,6 +17,7 @@ references:
- https://www.sans.org/blog/protecting-privileged-domain-accounts-lm-hashes-the-good-the-bad-and-the-ugly/
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/12/15
modified: 2023/12/22
tags:
- attack.defense_evasion
- attack.t1112
Expand All @@ -30,7 +31,7 @@ detection:
Channel: Microsoft-Windows-Sysmon/Operational
selection:
CommandLine|contains|all:
- \System\CurrentControlSet\Control\Lsa\
- \System\CurrentControlSet\Control\Lsa
- NoLMHash
- ' 0'
condition: process_creation and selection
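Review bot: The `' 0'` entry in `CommandLine|contains|all` is a plain substring test, so it is satisfied by any argument that begins with 0 after a space, for example a data value written as ` 0x1`, and the rule would then fire on a command that sets `NoLMHash` to a non-zero value. Since this selection is being touched anyway, consider anchoring the value, for instance with an `endswith` alternative or a regex that requires whitespace or end of line after the 0. The Security-channel copy of the rule earlier in this commit has the same three-term selection and needs the same change.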