fixed
huoji
2022-09-23 15:21:33 +08:00
parent 011496349a
commit d5b88c7a01
8 changed files with 54 additions and 13 deletions


@@ -1,4 +1,12 @@
rule = [
{
'rules': [
'action == "processaccess" and targetimage =~ ".*lsass.exe"',
],
'attck_hit':['T1003'],
'score': 100,
'name': 'OS Credential Dumping: LSASS Memory'
},
{
'rules': [
'action == "processaccess" and targetimage =~ ".*lsass.exe" and grantedaccess & 0x0010 and sourceimage =~ ".*rundll32.exe"',
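Review bot: The first entry's condition `action == "processaccess" and targetimage =~ ".*lsass.exe"` has no `grantedaccess` mask and no source-image constraint, yet it carries `'score': 100`, so any handle opened to lsass.exe, including routine opens by system services and security products, would raise a maximum-score alert. This entry appears to be the added one, judging by the `@@ -1,4 +1,12 @@` counts, since the +/- markers are lost on this page. Narrow it the way the following entry does, e.g. `'action == "processaccess" and targetimage =~ ".*lsass.exe" and grantedaccess & 0x0010',` (0x0010 is PROCESS_VM_READ), and lower the score or allowlist the expected source images. The name is the ATT&CK sub-technique LSASS Memory, so `'attck_hit':['T1003.001'],` would be the more precise tag. The unescaped `.` in `lsass.exe` also matches any character, and whether `=~` anchors the pattern is not visible here; the rule list continues outside the hunk.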