Rule Library

Sigma Rules

2 rules found for "Chad Hudson"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Webshell Detection With Command Line Keywords

Detects certain command line parameters often used during reconnaissance activity via web shells

WindowsProcess Creation

TA0003 · PersistenceTA0007 · DiscoveryT1505.003 · Web ShellT1018 · Remote System Discovery+2

Florian Roth (Nextron Systems)+5Sun Jan 01windows

Emerging Threathighexperimental

CVE-2024-50623 Exploitation Attempt - Cleo

Detects exploitation attempt of Cleo's CVE-2024-50623 by looking for a "cmd.exe" process spawning from the Celo software suite with suspicious Powershell commandline.

WindowsProcess Creation

TA0001 · Initial AccessTA0002 · ExecutionT1190 · Exploit Public-Facing Applicationcve.2024-50623+1

Tanner Filip+3Mon Dec 092024