Sigma Rules
16 rules found for "Ömer Günal"
Password Policy Discovery - Linux
Detects password policy discovery commands
System and Hardware Information Discovery
Detects system information discovery commands
Remote File Copy
Detects the use of tools that copy files from or to remote systems
Disabling Security Tools - Builtin
Detects disabling security tools
Scheduled Task/Job At
Detects the use of at/atd, which are utilities used to schedule tasks. They are often abused by adversaries to maintain persistence or to schedule the initial or recurring execution of malicious code.
Clear Linux Logs
Detects attempts to clear logs on the system. Adversaries may clear system logs to hide evidence of an intrusion.
File Deletion
Detects file deletion using the "rm", "shred" or "unlink" commands, which adversaries often use to delete files left behind by their intrusion activity.
Install Root Certificate
Detects installation of a new certificate on the system, which attackers may use to avoid warnings when connecting to controlled web servers or C2s.
Local Groups Discovery - Linux
Detects enumeration of local system groups. Adversaries may attempt to find local system groups and permission settings.
Connection Proxy
Detects setting proxy configuration
Disabling Security Tools
Detects disabling security tools
Setuid and Setgid
Detects suspicious change of file privileges with chown and chmod commands
System Information Discovery
Detects system information discovery commands
System Network Discovery - Linux
Detects enumeration of local network configuration
Local Groups Discovery - MacOs
Detects enumeration of local system groups
Process Discovery
Detects process discovery commands. Adversaries may attempt to get information about running processes on a system. The information obtained could be used to gain an understanding of the common software/applications running on systems within the network.