Sigma Rules
11 rules found for "Sittikorn S"
AWS EC2 Disable EBS Encryption
Identifies disabling of default Amazon Elastic Block Store (EBS) encryption in the current region. Disabling default encryption does not change the encryption status of your existing volumes.
AWS SecurityHub Findings Evasion
Detects the modification of the findings on SecurityHub.
Linux Doas Conf File Creation
Detects the creation of doas.conf file in linux host platform.
Linux Doas Tool Execution
Detects the doas tool execution in linux host platform. This utility tool allow standard users to perform tasks as root, the same way sudo does.
KrbRelayUp Service Installation
Detects service creation from KrbRelayUp tool used for privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings)
HackTool - Certipy Execution
Detects Certipy execution, a tool for Active Directory Certificate Services enumeration and abuse based on PE metadata characteristics and common command line arguments.
PUA - Rclone Execution
Detects execution of RClone utility for exfiltration as used by various ransomwares strains like REvil, Conti, FiveHands, etc
Renamed MegaSync Execution
Detects the execution of a renamed MegaSync.exe as seen used by ransomware families like Nefilim, Sodinokibi, Pysa, and Conti.
Script Event Consumer Spawning Process
Detects a suspicious child process of Script Event Consumer (scrcons.exe).
Potential Process Hollowing Activity
Detects when a memory process image does not match the disk image, indicative of process hollowing.
Removal Of SD Value to Hide Schedule Task - Registry
Remove SD (Security Descriptor) value in \Schedule\TaskCache\Tree registry hive to hide schedule task. This technique is used by Tarrask malware