SpamHammer E-mail Attempts

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
This topic is 2 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
Adam Crowe
Posts: 58
Last visit: Fri Apr 19, 2024 12:28 pm
Has voted: 3 times
Been upvoted: 3 times

SpamHammer E-mail Attempts

Post by Adam Crowe »

Testing e-mail posting.
Adam Crowe

Re: SpamHammer E-mail Attempts

Post by Adam Crowe »

These are the rules that my app is triggering:

5 matches for rule
Dot net compiler compiles file from suspicious location by Joe Security from Joe Security Rule Set (GitHub)
Dot net compiler compiles file from suspicious location

5 matches for rule
Suspicious Csc.exe Source File Folder by Florian Roth from Sigma Integrated Rule Set (GitHub)
Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData)

1 match for rule
Too Long PowerShell Commandlines by oscd.community, Natalia Shornikova from Sigma Integrated Rule Set (GitHub)
Detects Too long PowerShell command lines

9 matches for rule
Windows PowerShell Web Request by James Pemberton / @4A616D6573 from Sigma Integrated Rule Set (GitHub)
Detects the use of various web request methods (including aliases) via Windows PowerShell

2 matches for rule
Non Interactive PowerShell by Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) from Sigma Integrated Rule Set (GitHub)
Detects non-interactive PowerShell activity by looking at with not explorer.exe as a parent.
Sigma rule cannot be loaded.

Matches rule PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority from Snort registered user ruleset
Matches rule TAG_LOG_PKT from Snort registered user ruleset
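As an added example (not code from the forum post, from SAPIEN, or from the Sigma project), here is a small Python approximation of the four Sigma process-creation rules listed above, run over constructed Sysmon-style process-creation records. The suspicious folder list, the 1000-character command-line threshold, the web-request keyword list and the explorer.exe parent check are simplified assumptions about the real rules, which also carry exclusion filters (for Visual Studio and other legitimate parents, for instance) that this code omits; the record field names follow Sysmon Event ID 1. The point it shows is why an app that uses Add-Type or a download cmdlet and is launched from a scheduler or mail pipeline lights up exactly this combination of rules.

```python
"""Approximate re-implementation of four Sigma process-creation rules (assumed logic,
not the upstream rule bodies), evaluated over constructed Sysmon Event ID 1 records."""

# Constructed sample events for the demonstration; these are invented, not log lines
# taken from the forum post or from any real host.
SAMPLE_EVENTS = [
    {   # .NET compiler run from a temp folder under AppData (the Add-Type pattern)
        "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
        "CommandLine": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig '
                       r'/fullpaths @"C:\Users\adam\AppData\Local\Temp\abc123\abc123.cmdline"',
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
    {   # PowerShell downloading a file, started from cmd.exe rather than the desktop shell
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": 'powershell.exe -NoProfile -Command "Invoke-WebRequest '
                       '-Uri http://example.invalid/a.txt -OutFile a.txt"',
        "ParentImage": r"C:\Windows\System32\cmd.exe",
    },
    {   # Very long encoded command line, but launched interactively from explorer.exe
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": "powershell.exe -EncodedCommand " + "A" * 1200,
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # csc.exe with its source under Program Files: the folder check should not fire
        "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
        "CommandLine": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig '
                       r'@"C:\Program Files\MyApp\build\MyApp.cmdline"',
        "ParentImage": r"C:\Program Files\MyApp\build.exe",
    },
    {   # Benign control event
        "Image": r"C:\Windows\System32\notepad.exe",
        "CommandLine": "notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

# Assumed rule parameters (approximations of the upstream Sigma rules, not copies of them).
SUSPICIOUS_CSC_FOLDERS = ("\\appdata\\", "\\windows\\temp\\", "\\users\\public\\")
LONG_CMDLINE_THRESHOLD = 1000  # assumed; the real rule expresses this as a regex length check
WEB_REQUEST_INDICATORS = (
    "invoke-webrequest", "invoke-restmethod", "net.webclient", "downloadfile",
    "downloadstring", "start-bitstransfer", "iwr ", "irm ", "wget ", "curl ",
)
INTERACTIVE_PARENTS = ("\\explorer.exe",)  # assumed; the real rule filters more parents


def _is_powershell(event):
    """True when the created process is a PowerShell host."""
    return event.get("Image", "").lower().endswith(("\\powershell.exe", "\\pwsh.exe"))


def rule_csc_suspicious_folder(event):
    """csc.exe compiling from a user-writable or temporary folder."""
    cmdline = event.get("CommandLine", "").lower()
    return (event.get("Image", "").lower().endswith("\\csc.exe")
            and any(folder in cmdline for folder in SUSPICIOUS_CSC_FOLDERS))


def rule_too_long_commandline(event):
    """PowerShell command line longer than the assumed threshold."""
    return _is_powershell(event) and len(event.get("CommandLine", "")) >= LONG_CMDLINE_THRESHOLD


def rule_web_request(event):
    """PowerShell invoking a download cmdlet, alias, or .NET web client."""
    cmdline = event.get("CommandLine", "").lower()
    return _is_powershell(event) and any(ind in cmdline for ind in WEB_REQUEST_INDICATORS)


def rule_non_interactive_powershell(event):
    """PowerShell whose parent is not the interactive desktop shell."""
    parent = event.get("ParentImage", "").lower()
    return _is_powershell(event) and not parent.endswith(INTERACTIVE_PARENTS)


# Rule names as they appear in the forum post, mapped to the approximations above.
RULES = {
    "Suspicious Csc.exe Source File Folder": rule_csc_suspicious_folder,
    "Too Long PowerShell Commandlines": rule_too_long_commandline,
    "Windows PowerShell Web Request": rule_web_request,
    "Non Interactive PowerShell": rule_non_interactive_powershell,
}


def evaluate(events):
    """Return, for each event in order, the list of rule names that matched it."""
    return [[name for name, check in RULES.items() if check(ev)] for ev in events]


def match_counts(events):
    """Aggregate per-rule match counts, the way the scanner in the post reports them."""
    counts = {name: 0 for name in RULES}
    for hits in evaluate(events):
        for name in hits:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(event["Image"].rsplit("\\", 1)[-1], "->", hits or "no match")
    print(match_counts(SAMPLE_EVENTS))
```

Two of the rules (the long command line and the non-interactive parent) fire on ordinary scheduled or scripted PowerShell, so on their own they are weak signals; it is the co-occurrence with csc.exe compiling from AppData and a web-request cmdlet that makes a scanner's report look like a malicious dropper. Tuning means adding filters for the known parent and source paths of the legitimate app, not deleting the rules.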
adamctest2
Posts: 12
Last visit: Thu Jul 20, 2023 2:45 pm

Re: SpamHammer E-mail Attempts

Post by adamctest2 »

Test log