Rule Library
Sigma Rules
4 rules found for "Max Altgelt (Nextron Systems)"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Emerging Threat | critical | test
CVE-2021-33766 Exchange ProxyToken Exploitation
Detects the exploitation of Microsoft Exchange ProxyToken vulnerability as described in CVE-2021-33766
Web Server Log
TA0001 · Initial Access | T1190 · Exploit Public-Facing Application | cve.2021-33766 | detection.emerging-threats
Florian Roth (Nextron Systems) +2 | Mon Aug 30 2021
Emerging Threat | high | test
ADSelfService Exploitation
Detects suspicious access to URLs that was noticed in cases in which attackers exploited the ADSelfService vulnerability CVE-2021-40539
Web Server Log
cve.2021-40539 | detection.emerging-threats | TA0001 · Initial Access | T1190 · Exploit Public-Facing Application
Tobias Michalski +1 | Mon Sep 20 2021
Emerging Threat | high | test
Conti Volume Shadow Listing
Detects a command used by Conti to find volume shadow backups
Windows | Process Creation
T1587.001 · Malware | TA0042 · Resource Development | detection.emerging-threats
Max Altgelt (Nextron Systems) +1 | Mon Aug 09 2021
Emerging Threat | high | test
Conti NTDS Exfiltration Command
Detects a command used by Conti to exfiltrate NTDS
Windows | Process Creation
TA0009 · Collection | T1560 · Archive Collected Data | detection.emerging-threats
Max Altgelt (Nextron Systems) +1 | Mon Aug 09 2021