valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update win_interactive_at.yml

Browse Source
This commit is contained in:
yugoslavskiy 2019-11-11 04:06:37 +03:00 committed by GitHub
parent e18ff0b9f9
commit 119a3417c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
rules/windows/process_creation/win_interactive_at.yml
View File

@ -1,7 +1,10 @@
title: Interactive AT Job
description: Detect an interactive AT job, which may be used as a form of privilege escalation.
description: Detect an interactive AT job, which may be used as a form of privilege escalation
status: experimental
author: E.M. Anhaus (orignally from Atomic Blue Detections, Endgame), oscd.community
references:
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053/T1053.yaml
- https://eqllib.readthedocs.io/en/latest/analytics/d8db43cf-ed52-4f5c-9fb3-c9a4b95a0b56.html
date: 2019/10/24
modified: 2019/11/11
tags: