[Emerging-Sigs] Interesting Lateral Movement Sigs (not mine)

Jason Williams jwilliams at emergingthreats.net
Wed Aug 7 07:12:59 HDT 2019


Thanks,

We'll take a look and reach out if there's anything we can do on these.



On Mon, Aug 5, 2019 at 5:21 AM Kevin Ross via Emerging-sigs <
emerging-sigs at lists.emergingthreats.net> wrote:

> Hi,
>
> I found these and they seem to work well
> https://github.com/MrAnde7son/Snort/blob/master/local.rules. It might be
> worth with necessary permission seeing if some can be adapted for ET
> rulesets?
>
> Some already exist but there is things like WMI remote code execution,
> remote at jobs, registry etc. that would be great to have in standard
> ruleset if possible.
>
>
> Kind Regards,
> Kevin
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20190807/9e30981a/attachment.html>


More information about the Emerging-sigs mailing list