Rule Library
Sigma Rules
2 rules found for "@barryshooshooga"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
Windows Defender Exclusion List Modified
Detects modifications to the Windows Defender exclusion registry key. This could indicate potentially suspicious or even malicious activity by an attacker trying to add a new exclusion in order to bypass security.
Windows · security
TA0005 · Defense Evasion | T1562.001 · Disable or Modify Tools
@barryshooshooga · Sat Oct 26 · windows
Detection · medium · test
Windows Defender Exclusion Registry Key - Write Access Requested
Detects write access requests to the Windows Defender exclusions registry keys. This could be an indication of an attacker trying to request a handle or access the object to write new exclusions in order to bypass security.
Windows · security
TA0005 · Defense Evasion | T1562.001 · Disable or Modify Tools
@barryshooshooga +1 · Sat Oct 26 · windows