New rules suggested for AD Container WRITE_DAC & WRITE_OWNER detection + DNS Server DLL injection #4606

Open
wants to merge 8 commits into
base: master

Commits on Nov 30, 2023

  1. win_security_ad_adminsdholder_writedac.yml

    Detects WRITE_DAC to AdminSDHolder object > possible AdminSDHolder Backdooring
    woundride committed Nov 30, 2023
    a69417b
  2. win_security_ad_adminsdholder_writeowner.yml

    Detects WRITE_OWNER to AdminSDHolder object > possible AdminSDHolder Backdooring
    woundride committed Nov 30, 2023
    55e8e27

Commits on May 8, 2024

  1. 1de8689

Commits on May 9, 2024

  1. Update and rename win_security_ad_adminsdholder_writedac.yml to win_s…

    …ecurity_ad_container_writedac.yml
    woundride committed May 9, 2024
    f11ebb1
  2. Update and rename win_security_ad_adminsdholder_writeowner.yml to win…

    …_security_ad_container_writeowner.yml
    woundride committed May 9, 2024
    a30e4c0
  3. Add files via upload

    woundride committed May 9, 2024
    cf51af9
  4. c2da446
  5. 6df8bcb