Rule Library

Sigma Rules

2 rules found for "Stamatis Chatzimangou"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Category

Detectionmediumtest

MSI Installation From Web

Detects installation of a remote msi file from web.

Windowsapplication

TA0005 · Defense EvasionT1218 · System Binary Proxy ExecutionT1218.007 · Msiexec

Stamatis ChatzimangouSun Oct 23windows

Detectionhightest

HackTool - NoFilter Execution

Detects execution of NoFilter, a tool for abusing the Windows Filtering Platform for privilege escalation via hardcoded policy name indicators

Windowssecurity

TA0005 · Defense EvasionTA0004 · Privilege EscalationT1134 · Access Token ManipulationT1134.001 · Token Impersonation/Theft

Stamatis Chatzimangou (st0pp3r)Fri Jan 05windows