Sigma Rules
7 rules found for "@serkinvalery"
Suspicious Teams Application Related ObjectAcess Event
Detects access to authentication tokens and accounts of the Microsoft Teams desktop application.
Active Directory Certificate Services Denied Certificate Enrollment Request
Detects requests denied by Active Directory Certificate Services. Examples of such denials include issues with permissions on the certificate template or invalid signatures.
No Suitable Encryption Key Found For Generating Kerberos Ticket
Detects errors when a target server doesn't have suitable keys for generating Kerberos tickets. This issue can occur, for example, when a service uses a user account or a computer account that is configured for only DES encryption on a computer that is running Windows 7, which has DES encryption for Kerberos authentication disabled.
Microsoft Teams Sensitive File Access By Uncommon Applications
Detects file access attempts to sensitive Microsoft Teams files (leveldb, cookies) by an uncommon process.
Unsigned Module Loaded by ClickOnce Application
Detects an unsigned module loaded by a ClickOnce application.
Potentially Suspicious Command Targeting Teams Sensitive Files
Detects a command line containing references to the Microsoft Teams database or cookies files from a process other than Teams. The database might contain authentication tokens and other sensitive information about the logged-in accounts.
ClickOnce Trust Prompt Tampering
Detects changes to the ClickOnce trust prompt registry key in order to enable an installation from different locations such as the Internet.