Rule Library
Sigma Rules
2 rules found for "Darin Smith"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
AWS ECS Task Definition That Queries The Credential Endpoint
Detects when an Elastic Container Service (ECS) Task Definition includes a command to query the credential endpoint. This can indicate a potential adversary adding a backdoor to establish persistence or escalate privileges.
AWS · cloudtrail
TA0003 · Persistence · T1525 · Implant Internal Image
Darin Smith · Tue Jun 07 · cloud
Detection · medium · test
AWS Snapshot Backup Exfiltration
Detects the modification of an EC2 snapshot's permissions to enable access from another account
AWS · cloudtrail
TA0010 · Exfiltration · T1537 · Transfer Data to Cloud Account
Darin Smith · Mon May 17 · cloud