Rule Library
Sigma Rules
5 rules found for "Harish Segar"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Detection · medium · test
PowerShell Downgrade Attack - PowerShell
Detects a PowerShell downgrade attack by comparing the host version with the engine version actually used (2.0).
Windows · PowerShell Classic
TA0005 · Defense Evasion | TA0002 · Execution | T1059.001 · PowerShell
Florian Roth (Nextron Systems) +2 · Wed Mar 22 · windows
Detection · low · test
Renamed Powershell Under Powershell Channel
Detects a renamed PowerShell execution, a common technique used to circumvent security controls and bypass detection logic that depends on process names and process paths.
Windows · PowerShell Classic
TA0002 · Execution | TA0005 · Defense Evasion | T1059.001 · PowerShell | T1036.003 · Rename System Utilities
Harish Segar +1 · Mon Jun 29 · windows
Detection · medium · test
Potential PowerShell Downgrade Attack
Detects a PowerShell downgrade attack by comparing the host version with the engine version actually used (2.0).
Windows · Process Creation
TA0005 · Defense Evasion | TA0002 · Execution | T1059.001 · PowerShell
Harish Segar · Fri Mar 20 · windows
Detection · high · test
Suspicious PowerShell Parent Process
Detects suspicious or uncommon parent processes of PowerShell.
Windows · Process Creation
TA0002 · Execution | T1059.001 · PowerShell
Teymur Kheirkhabarov +1 · Fri Mar 20 · windows
Detection · medium · test
Suspicious XOR Encoded PowerShell Command
Detects the presence of a potentially XOR-encoded PowerShell command.
Windows · Process Creation
TA0005 · Defense Evasion | TA0002 · Execution | T1059.001 · PowerShell | T1140 · Deobfuscate/Decode Files or Information | +1
Sami Ruohonen +6 · Wed Sep 05 · windows