Rule Library
Sigma Rules
2 rules found for "Hugh Ryan (HueCodes)"
3,711 Total
3,120 Detection
451 Emerging
137 Hunting
Detection | high | experimental
Python One-Liners with Base64 Decoding - Linux
Detects the use of Python's base64 decoding functions in command line executions on Linux systems. Malicious scripts often use Python one-liners to decode and execute base64-encoded payloads, which is a common technique for obfuscation and evasion.
Linux | Process Creation
TA0002 · Execution | T1059.006 · Python | TA0005 · Defense Evasion | T1027.010 · Command Obfuscation
Hugh Ryan (HueCodes) +1 | Mon Mar 09 | linux
Detection | high | experimental
Python One-Liners with Base64 Decoding
Detects Python one-liners that use base64 decoding functions in command line executions. Malicious scripts or attackers often use Python one-liners to decode and execute base64-encoded payloads, which is a common technique for obfuscation and evasion.
Windows | Process Creation
TA0002 · Execution | T1059.006 · Python | TA0005 · Defense Evasion | T1027.010 · Command Obfuscation
Hugh Ryan (HueCodes) +1 | Mon Mar 09 | windows