Rule Library
Sigma Rules
4 rules found for "Subhash Popuri"
3,707Total
3,116Detection
451Emerging
137Hunting
Detectionmediumtest
Path Traversal Exploitation Attempts
Detects path traversal exploitation attempts
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Application
Subhash Popuri+3Sat Sep 25web
Detectionhightest
HackTool - Powerup Write Hijack DLL
Powerup tool's Write Hijack DLL exploits DLL hijacking for privilege escalation. In it's default mode, it builds a self deleting .bat file which executes malicious command. The detection rule relies on creation of the malicious bat file (debug.bat by default).
WindowsFile Event
TA0003 · PersistenceTA0004 · Privilege EscalationTA0005 · Defense EvasionT1574.001 · DLL Search Order Hijacking
Subhash PopuriSat Aug 21windows
Detectionhightest
Potential DLL Sideloading Via comctl32.dll
Detects potential DLL sideloading using comctl32.dll to obtain system privileges
WindowsImage Load (DLL)
TA0005 · Defense EvasionTA0003 · PersistenceTA0004 · Privilege EscalationT1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems)+1Fri Dec 16windows
Emerging Threatcriticaltest
CVE-2010-5278 Exploitation Attempt
MODx manager - Local File Inclusion:Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
Web Server Log
TA0001 · Initial AccessT1190 · Exploit Public-Facing Applicationcve.2010-5278detection.emerging-threats
Subhash PopuriWed Aug 252010