Rule Library
Sigma Rules
2 rules found for "Chad Hudson"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
Webshell Detection With Command Line Keywords
Detects certain command line parameters often used during reconnaissance activity via web shells
Windows | Process Creation
TA0003 · Persistence | TA0007 · Discovery | T1505.003 · Web Shell | T1018 · Remote System Discovery | +2
Florian Roth (Nextron Systems) +5 | Sun Jan 01 | windows
Emerging Threat | high | experimental
CVE-2024-50623 Exploitation Attempt - Cleo
Detects exploitation attempts of Cleo's CVE-2024-50623 by looking for a "cmd.exe" process spawning from the Cleo software suite with a suspicious PowerShell command line.
Windows | Process Creation
TA0001 · Initial Access | TA0002 · Execution | T1190 · Exploit Public-Facing Application | cve.2024-50623 | +1
Tanner Filip +3 | Mon Dec 09 | 2024