Rule Library
Sigma Rules
4 rules found for "Maxime Thiebaut"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
Potential AD User Enumeration From Non-Machine Account
Detects read access to a domain user from a non-machine account
Windows · security
TA0007 · Discovery, T1087.002 · Domain Account
Maxime Thiebaut · Mon Mar 30 · windows
Detection · medium · test
Desktop.INI Created by Uncommon Process
Detects unusual processes accessing desktop.ini, which can be leveraged to alter how Explorer displays a folder's content (i.e. renaming files) without changing them on disk.
Windows · File Event
TA0004 · Privilege Escalation, TA0003 · Persistence, T1547.009 · Shortcut Modification
Maxime Thiebaut +1 · Thu Mar 19 · windows
Detection · high · test
Execution via WorkFolders.exe
Detects using WorkFolders.exe to execute an arbitrary control.exe
Windows · Process Creation
TA0005 · Defense Evasion, T1218 · System Binary Proxy Execution
Maxime Thiebaut · Thu Oct 21 · windows
Emerging Threat · high · test
Suspicious RazerInstaller Explorer Subprocess
Detects an explorer.exe subprocess of the RazerInstaller software, which can be invoked from the installer to select a different installation folder but can also be exploited to escalate privileges to LOCAL SYSTEM
Windows · Process Creation
TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1553 · Subvert Trust Controls, detection.emerging-threats
Florian Roth (Nextron Systems) +1 · Mon Aug 23 · 2021