valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 17:58:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve rule to detect argument shortcut in netsh wlan rule

Browse Source
This commit is contained in:
Andreas Hunkeler 2020-04-20 16:32:25 +02:00 committed by GitHub
parent ba541c3952
commit af498d8a8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml
View File

@ -15,7 +15,7 @@ logsource:
detection:
selection:
CommandLine:
- 'netsh wlan show profile * key=clear'
- 'netsh wlan s* p* key=clear'
condition: selection
falsepositives:
- Legitimate administrator or user uses netsh.exe wlan functionality for legitimate reason