CSEC_PUBLIC/hayabusa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
83d891b2faaa8fa0be012c34b200950d20a3f307
hayabusa/rules/sigma/powershell/powershell_script/powershell_psattack.yml
itiB 83d891b2fa Feature/rm submodule (#312) 
* rm: submodule

* Add: rules

* Fix: hayabusa-rules to c9c10a
2021-12-20 21:14:32 +09:00

27 lines
594 B
YAML
Raw Blame History

title: PowerShell PSAttack
ruletype: Sigma
author: Sean Metcalf (source), Florian Roth (rule)
date: 2017/03/05
description: Detects the use of PSAttack PowerShell hack tool
detection:
SELECTION_1:
ScriptBlockText: '*PS ATTACK!!!*'
condition: SELECTION_1
falsepositives:
- Pentesters
id: b7ec41a4-042c-4f31-a5db-d0fcde9fa5c5
level: high
logsource:
category: ps_script
definition: Script block logging must be enabled
product: windows
modified: 2021/10/16
references:
- https://adsecurity.org/?p=2921
status: experimental
tags:
- attack.execution
- attack.t1059.001
- attack.t1086
Reference in New Issue View Git Blame Copy Permalink