Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suspicious Browser Launch #4840

Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open

Suspicious Browser Launch #4840

wants to merge 16 commits into from

Conversation

skaynum
Copy link
Contributor

@skaynum skaynum commented Apr 30, 2024
edited

Summary of the Pull Request

Suspicious Browser Launch-Rule detects when the browser process is launched by document processors or readers.

Changelog

new: proc_creation_win_susp_browser_launch

Example Log Event

Relevant Links:
https://app.any.run/tasks/69c5abaa-92ad-45ba-8c53-c11e23e05d04
https://app.any.run/tasks/64043a79-165f-4052-bcba-e6e49f847ec1/

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

skaynum and others added 16 commits November 25, 2023 17:53
@skaynum
Create Rule to detect Process Injection
024315f 
This commit adds a new experimental rule that attempts to detect process injection by utilizing the dd command to inject malicious code in the process memory under /proc/mem
example provided in this project https://github.com/AonCyberLabs/Cexigua/blob/master/overwrite.sh
@skaynum
Merge pull request #1 from skaynum/skaynum-patch-1
c0c5d22 
Create Rule to detect Linux Process Code Injection
@nasbench
Update proc_creation_lnx_dd_process_injection.yml
25d030d
@phantinuss
fix: typo
926a74e
@skaynum
Merge branch 'SigmaHQ:master' into master
5732b3d
@skaynum
Merge branch 'SigmaHQ:master' into master
327d02e
@skaynum
Add files via upload
49a6c8b
@skaynum
Delete rules/windows/file/file_event/file_event_mysql_daemon_executab…
fa8a897 
…le_file_creation.yml

Wrong file name
@skaynum
Add files via upload
b63c4d3
@skaynum
Merge branch 'SigmaHQ:master' into master
b35dc46
@skaynum
Add files via upload
6d359e0
@skaynum
Update file_event_win_outlook_opening_smb_file.yml
21c39f5
@skaynum
Delete rules/windows/file/file_event/file_event_win_outlook_opening_s…
69adf3d 
…mb_file.yml
@skaynum
Merge branch 'SigmaHQ:master' into master
b3e2cc0
@skaynum
Add files via upload
b394a45
@skaynum
Merge branch 'SigmaHQ:master' into master
e1e5d92
@github-actions github-actions bot added Rules Windows Pull request add/update windows related rules labels Apr 30, 2024
@nasbench nasbench added the Work In Progress Some changes are needed label May 2, 2024
@nasbench nasbench self-assigned this May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@nasbench nasbench

Labels
Rules Windows Pull request add/update windows related rules Work In Progress Some changes are needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@skaynum @nasbench @phantinuss