Rule Library
Sigma Rules
4 rules found for "John Lambert"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
PowerShell Credential Prompt
Detects PowerShell calling a credential prompt
Windows | PowerShell Script
TA0006 · Credential Access | TA0002 · Execution | T1059.001 · PowerShell
John Lambert +1 | Sun Apr 09 | windows
Detection | high | test
Malicious Base64 Encoded PowerShell Keywords in Command Lines
Detects base64 encoded strings used in hidden malicious PowerShell command lines
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell
John Lambert | Wed Jan 16 | windows
Detection | high | test
Security Service Disabled Via Reg.EXE
Detects execution of "reg.exe" to disable security services such as Windows Defender.
Windows | Process Creation
TA0005 · Defense Evasion | T1562.001 · Disable or Modify Tools
Florian Roth (Nextron Systems) +2 | Wed Jul 14 | windows
Emerging Threat | high | test
Malware Shellcode in Verclsid Target Process
Detects a process access to verclsid.exe that injects shellcode from a Microsoft Office application / VBA macro
Windows | Process Access
TA0005 · Defense Evasion | TA0004 · Privilege Escalation | T1055 · Process Injection | detection.emerging-threats
John Lambert (tech) +1 | Sat Mar 04 | 2017