Rule Library
Sigma Rules
5 rules found for "Dimitrios Slamaris"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting

Detection | medium | test
Potentially Suspicious AccessMask Requested From LSASS
Detects process handle on LSASS process with certain access mask
Windows | security
TA0006 · Credential Access | 2019-04-004 · CAR 2019-04-004 | T1003.001 · LSASS Memory
Roberto Rodriguez (Cyb3rWard0g) +5 | Fri Nov 01 | windows

Detection | high | test
DHCP Server Loaded the CallOut DLL
This rule detects a DHCP server in which a specified Callout DLL (in registry) was loaded
Windows | system
TA0004 · Privilege Escalation | TA0003 · Persistence | TA0005 · Defense Evasion | T1574.001 · DLL Search Order Hijacking
Dimitrios Slamaris | Mon May 15 | windows

Detection | high | test
DHCP Server Error Failed Loading the CallOut DLL
This rule detects a DHCP server error in which a specified Callout DLL (in registry) could not be loaded
Windows | system
TA0004 · Privilege Escalation | TA0003 · Persistence | TA0005 · Defense Evasion | T1574.001 · DLL Search Order Hijacking
Dimitrios Slamaris | Mon May 15 | windows

Detection | medium | test
Potentially Suspicious GrantedAccess Flags On LSASS
Detects process access requests to LSASS process with potentially suspicious access flags
Windows | Process Access
TA0006 · Credential Access | T1003.001 · LSASS Memory | S0002 · Mimikatz
Florian Roth (Nextron Systems) +9 | Mon Nov 22 | windows

Detection | high | test
DHCP Callout DLL Installation
Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the DHCP server (restart required)
Windows | Registry Set
TA0004 · Privilege Escalation | TA0003 · Persistence | TA0005 · Defense Evasion | T1574.001 · DLL Search Order Hijacking | +1
Dimitrios Slamaris | Mon May 15 | windows