Rule Library

Sigma Rules

2 rules found for "Den Iuzvyk"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Potential Azure Browser SSO Abuse

Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user.

WindowsImage Load (DLL)

TA0003 · PersistenceTA0005 · Defense EvasionTA0004 · Privilege EscalationT1574.001 · DLL Search Order Hijacking

Den IuzvykWed Jul 15windows

Detectionhightest

Suspicious Camera and Microphone Access

Detects Processes accessing the camera and microphone from suspicious folder

WindowsRegistry Event

TA0009 · CollectionT1125 · Video CaptureT1123 · Audio Capture

Den IuzvykSun Jun 07windows