Update win_exploit_cve_2019_1388.yml

French language settings
mlp1515 2021-08-26 12:41:36 +00:00 committed by GitHub
parent f277ecbbeb
commit 644397e65c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -7,6 +7,7 @@ references:
- https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
author: Florian Roth
date: 2019/11/20
modified: 2021/08/26
tags:
- attack.privilege_escalation
- attack.t1068
@ -21,7 +22,9 @@ detection:
rights1:
IntegrityLevel: 'System' # for Sysmon users
rights2:
User: 'NT AUTHORITY\SYSTEM' # for non-Sysmon users - English language settings
User|startswith:
- 'NT AUTHORITY\SYSTEM' # for non-Sysmon users - English language settings
- 'AUTORITE NT\Sys' # French language settings
condition: selection and ( rights1 or rights2 )
falsepositives:
- Unknown
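Review bot: The `rights2` selection in the second hunk still matches only the English and French spellings of the SYSTEM account, so on hosts with any other display language and no Sysmon `IntegrityLevel` field the rule will silently not fire. The French value is cut short to `'AUTORITE NT\Sys'`, presumably to avoid the accented character in the localized account name, but the comment does not say so; I would write `# French language settings - truncated before the accented character` and add `# other locales are not covered here; rights1 applies where Sysmon is available`. If the target backends support it, a `User|contains` list of locale-independent name fragments would close more of that gap than adding one prefix per language. The `selection` part of the detection block lies outside the hunk, so how it combines with these values cannot be checked from here.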