Rule Library

Sigma Rules

3 rules found for "Lee Holmes"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

PowerShell Downgrade Attack - PowerShell

Detects PowerShell downgrade attack by comparing the host versions with the actually used engine version 2.0

WindowsPowerShell Classic

TA0005 · Defense EvasionTA0002 · ExecutionT1059.001 · PowerShell

Florian Roth (Nextron Systems)+2Wed Mar 22windows

Detectionhightest

Malicious Base64 Encoded PowerShell Keywords in Command Lines

Detects base64 encoded strings used in hidden malicious PowerShell command lines

WindowsProcess Creation

TA0002 · ExecutionT1059.001 · PowerShell

John LambertWed Jan 16windows

Detectionmediumtest

Potential PowerShell Downgrade Attack

Detects PowerShell downgrade attack by comparing the host versions with the actually used engine version 2.0

WindowsProcess Creation

TA0005 · Defense EvasionTA0002 · ExecutionT1059.001 · PowerShell

Harish SegarFri Mar 20windows