Rule Library
Sigma Rules
5 rules found for "Nik Seetharaman"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting

Detection | high | stable
CMSTP Execution Process Access
Detects various indicators of Microsoft Connection Manager Profile Installer execution
Windows | Process Access
TA0005 · Defense Evasion, T1218.003 · CMSTP, TA0002 · Execution, T1559.001 · Component Object Model, +3
Nik Seetharaman | Mon Jul 16 | windows

Detection | high | stable
CMSTP Execution Process Creation
Detects various indicators of Microsoft Connection Manager Profile Installer execution
Windows | Process Creation
TA0005 · Defense Evasion, TA0002 · Execution, T1218.003 · CMSTP, G0069 · G0069, +1
Nik Seetharaman | Mon Jul 16 | windows

Detection | high | stable
CMSTP UAC Bypass via COM Object Access
Detects UAC Bypass Attempt Using Microsoft Connection Manager Profile Installer Autoelevate-capable COM Objects (e.g. UACMe ID of 41, 43, 58 or 65)
Windows | Process Creation
TA0002 · Execution, TA0005 · Defense Evasion, TA0004 · Privilege Escalation, T1548.002 · Bypass User Account Control, +3
Nik Seetharaman +1 | Wed Jul 31 | windows

Detection | high | stable
CMSTP Execution Registry Event
Detects various indicators of Microsoft Connection Manager Profile Installer execution
Windows | Registry Event
TA0005 · Defense Evasion, TA0002 · Execution, T1218.003 · CMSTP, G0069 · G0069, +1
Nik Seetharaman | Mon Jul 16 | windows

Threat Hunt | medium | test
Microsoft Workflow Compiler Execution
Detects the execution of Microsoft Workflow Compiler, which may permit the execution of arbitrary unsigned code.
Windows | Process Creation
TA0005 · Defense Evasion, TA0002 · Execution, T1127 · Trusted Developer Utilities Proxy Execution, T1218 · System Binary Proxy Execution, +1
Nik Seetharaman +1 | Wed Jan 16 | windows