Samirbous

Results 6 issues of Samirbous

[New] Windows Sandbox with Sensitive Configuration

2 comment

https://blog-en.itochuci.co.jp/entry/2025/03/12/140000

Rule: New
OS: Windows
Domain: Endpoint
backport: auto

[New] RemoteMonologue Attack rules

5 comment

https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions#1 https://github.com/xforcered/RemoteMonologue ![image](https://github.com/user-attachments/assets/867a21ac-ab3b-4289-8aee-95f968a1d0d2)

Rule: New
OS: Windows
Domain: Endpoint
backport: auto

[New] Potential SAP NetWeaver Exploitation rules

9 comment

https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/ https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/

OS: Linux
Rule: New
OS: Windows
backport: auto

[New] Microsoft Entra ID Protection Alert and Device Registration

3 comment

https://github.com/elastic/ia-trade-team/issues/590#issuecomment-2839484140

Integration: Azure
Domain: Cloud Workloads
Rule: New
Integration: Microsoft 365
backport: auto
patch

[New] Multiple Cloud Secrets Accessed by Source Address

10 comment

This rule detects authenticated sessions accessing secret stores across multiple cloud providers from the same source address within a short period of time. Adversaries with access to compromised credentials or...

Rule: New
backport: auto
Domain: Cloud

[New/Tuning] NPM Shai-Hulud coverage

18 comment

https://socket.dev/blog/shai-hulud-strikes-again-v2

OS: Linux
OS: macOS
Rule: New
Rule: Tuning
OS: Windows
backport: auto
emerging-threat