Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

15 rules found for "Ömer Günal"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionlowstable

Password Policy Discovery - Linux

Detects password policy discovery commands

Linuxauditd
TA0007 · DiscoveryT1201 · Password Policy Discovery
Ömer Günal+2Thu Oct 08linux
Detectioninformationalstable

System and Hardware Information Discovery

Detects system information discovery commands

Linuxauditd
TA0007 · DiscoveryT1082 · System Information Discovery
Ömer Günal+1Thu Oct 08linux
Detectionlowstable

Remote File Copy

Detects the use of tools that copy files from or to remote systems

Linux
TA0011 · Command and ControlTA0008 · Lateral MovementT1105 · Ingress Tool Transfer
Ömer GünalThu Jun 18linux
Detectionmediumtest

Disabling Security Tools - Builtin

Detects disabling security tools

Linuxsyslog
TA0005 · Defense EvasionT1562.004 · Disable or Modify System Firewall
Ömer Günal+2Wed Jun 17linux
Detectionlowstable

Scheduled Task/Job At

Detects the use of at/atd which are utilities that are used to schedule tasks. They are often abused by adversaries to maintain persistence or to perform task scheduling for initial or recurring execution of malicious code

LinuxProcess Creation
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceT1053.002 · At
Ömer Günal+1Tue Oct 06linux
Detectionmediumstable

Clear Linux Logs

Detects attempts to clear logs on the system. Adversaries may clear system logs to hide evidence of an intrusion

LinuxProcess Creation
TA0005 · Defense EvasionT1070.002 · Clear Linux or Mac System Logs
Ömer Günal+1Wed Oct 07linux
Detectioninformationalstable

File Deletion

Detects file deletion using "rm", "shred" or "unlink" commands which are used often by adversaries to delete files left behind by the actions of their intrusion activity

LinuxProcess Creation
TA0005 · Defense EvasionT1070.004 · File Deletion
Ömer Günal+1Wed Oct 07linux
Detectionlowtest

Install Root Certificate

Detects installation of new certificate on the system which attackers may use to avoid warnings when connecting to controlled web servers or C2s

LinuxProcess Creation
TA0005 · Defense EvasionT1553.004 · Install Root Certificate
Ömer Günal+1Mon Oct 05linux
Detectionlowtest

Local Groups Discovery - Linux

Detects enumeration of local system groups. Adversaries may attempt to find local system groups and permission settings

LinuxProcess Creation
TA0007 · DiscoveryT1069.001 · Local Groups
Ömer Günal+2Sun Oct 11linux
Detectionlowtest

Connection Proxy

Detects setting proxy configuration

LinuxProcess Creation
TA0005 · Defense EvasionTA0011 · Command and ControlT1090 · Proxy
Ömer GünalWed Jun 17linux
Detectionmediumtest

Disabling Security Tools

Detects disabling security tools

LinuxProcess Creation
TA0005 · Defense EvasionT1562.004 · Disable or Modify System Firewall
Ömer Günal+2Wed Jun 17linux
Detectionlowtest

Setuid and Setgid

Detects suspicious change of file privileges with chown and chmod commands

LinuxProcess Creation
TA0005 · Defense EvasionTA0003 · PersistenceTA0004 · Privilege EscalationT1548.001 · Setuid and Setgid
Ömer GünalTue Jun 16linux
Detectioninformationalstable

System Information Discovery

Detects system information discovery commands

LinuxProcess Creation
TA0007 · DiscoveryT1082 · System Information Discovery
Ömer Günal+1Thu Oct 08linux
Detectioninformationaltest

System Network Discovery - Linux

Detects enumeration of local network configuration

LinuxProcess Creation
TA0007 · DiscoveryT1016 · System Network Configuration Discovery
Ömer Günal and remotephone+1Tue Oct 06linux
Detectioninformationaltest

Local Groups Discovery - MacOs

Detects enumeration of local system groups

macOSProcess Creation
TA0007 · DiscoveryT1069.001 · Local Groups
Ömer Günal+2Sun Oct 11macos