Rule Library
Sigma Rules
3 rules found for "John Lambert"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | high | test
PowerShell Credential Prompt
Detects PowerShell calling a credential prompt
Windows | PowerShell Script
TA0006 · Credential Access | TA0002 · Execution | T1059.001 · PowerShell
John Lambert +1 | Sun Apr 09 | windows
Detection | high | test
Malicious Base64 Encoded PowerShell Keywords in Command Lines
Detects base64 encoded strings used in hidden malicious PowerShell command lines
Windows | Process Creation
TA0002 · Execution | T1059.001 · PowerShell
John Lambert | Wed Jan 16 | windows
Detection | high | test
Security Service Disabled Via Reg.EXE
Detects execution of "reg.exe" to disable security services such as Windows Defender.
Windows | Process Creation
TA0005 · Defense Evasion | T1562.001 · Disable or Modify Tools
Florian Roth (Nextron Systems) +2 | Wed Jul 14 | windows