Rule Library

Sigma Rules

3 rules found for "Maxime Thiebaut"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Potential AD User Enumeration From Non-Machine Account

Detects read access to a domain user from a non-machine account

Windowssecurity

TA0007 · DiscoveryT1087.002 · Domain Account

Maxime ThiebautMon Mar 30windows

Detectionmediumtest

Desktop.INI Created by Uncommon Process

Detects unusual processes accessing desktop.ini, which can be leveraged to alter how Explorer displays a folder's content (i.e. renaming files) without changing them on disk.

WindowsFile Event

TA0004 · Privilege EscalationTA0003 · PersistenceT1547.009 · Shortcut Modification

Maxime Thiebaut+1Thu Mar 19windows

Detectionhightest

Execution via WorkFolders.exe

Detects using WorkFolders.exe to execute an arbitrary control.exe

WindowsProcess Creation

TA0005 · Defense EvasionT1218 · System Binary Proxy Execution

Maxime ThiebautThu Oct 21windows