Rule Library
Sigma Rules
3 rules found for "Rich Warren"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectioncriticaltest
Mailbox Export to Exchange Webserver
Detects a successful export of an Exchange mailbox to untypical directory or with aspx name suffix which can be used to place a webshell or the needed role assignment for it
Windowsmsexchange-management
TA0003 · PersistenceT1505.003 · Web Shell
Florian Roth (Nextron Systems)+2Mon Aug 09windows
Emerging Threathightest
Exchange ProxyShell Pattern
Detects URL patterns that could be found in ProxyShell exploitation attempts against Exchange servers (failed and successful)
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationdetection.emerging-threats
Florian Roth (Nextron Systems)+1Sat Aug 072021
Emerging Threatcriticaltest
Successful Exchange ProxyShell Attack
Detects URP patterns and status codes that indicate a successful ProxyShell exploitation attack against Exchange servers
Web Server Log
TA0001 · Initial Accessdetection.emerging-threats
Florian Roth (Nextron Systems)+1Mon Aug 092021