Rule Library
Sigma Rules
3 rules found for "Jose Rodriguez"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · high · test
Exchange Set OabVirtualDirectory ExternalUrl Property
Rule to detect an adversary setting OabVirtualDirectory External URL property to a script in Exchange Management log
Windows · msexchange-management
TA0003 · Persistence | T1505.003 · Web Shell
Jose Rodriguez · Mon Mar 15 · windows
Detection · high · test
SMB Create Remote File Admin Share
Look for non-system accounts accessing a file over SMB with write (0x2) access mask via an administrative share (i.e. C$).
Windows · security
TA0008 · Lateral Movement | T1021.002 · SMB/Windows Admin Shares
Jose Rodriguez +1 · Thu Aug 06 · windows
Detection · medium · test
Enabling COR Profiler Environment Variables
Detects .NET Framework CLR and .NET Core CLR "cor_enable_profiling" and "cor_profiler" variables being set and configured.
Windows · Registry Set
TA0003 · Persistence | TA0004 · Privilege Escalation | TA0005 · Defense Evasion | T1574.012 · COR_PROFILER
Jose Rodriguez +2 · Thu Sep 10 · windows