Rule Library
Sigma Rules
3 rules found for "Subhash Popuri"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection · medium · test
Path Traversal Exploitation Attempts
Detects path traversal exploitation attempts
Web Server Log
TA0001 · Initial Access · T1190 · Exploit Public-Facing Application
Subhash Popuri +3 · Sat Sep 25 · web
Detection · high · test
HackTool - Powerup Write Hijack DLL
Powerup tool's Write Hijack DLL exploits DLL hijacking for privilege escalation. In its default mode, it builds a self-deleting .bat file which executes a malicious command. The detection rule relies on creation of the malicious bat file (debug.bat by default).
Windows · File Event
TA0003 · Persistence · TA0004 · Privilege Escalation · TA0005 · Defense Evasion · T1574.001 · DLL Search Order Hijacking
Subhash Popuri · Sat Aug 21 · windows
Detection · high · test
Potential DLL Sideloading Via comctl32.dll
Detects potential DLL sideloading using comctl32.dll to obtain system privileges
Windows · Image Load (DLL)
TA0005 · Defense Evasion · TA0003 · Persistence · TA0004 · Privilege Escalation · T1574.001 · DLL Search Order Hijacking
Nasreddine Bencherchali (Nextron Systems) +1 · Fri Dec 16 · windows