Sigma rule that monitors suspicious file creations on Exchange servers by the IIS server process | allinfosecnews.com

Oct. 5, 2022, 5:21 a.m. | /u/digicat

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Sigma rules:

[sigma/file\_event\_win\_exchange\_webshell\_drop\_suspicious.yml at master · SigmaHQ/sigma · GitHub](https://github.com/SigmaHQ/sigma/blob/master/rules/windows/file_event/file_event_win_exchange_webshell_drop_suspicious.yml)

Sysmon:

[sysmon-config/sysmonconfig-export.xml at master · Neo23x0/sysmon-config · GitHub](https://github.com/Neo23x0/sysmon-config/blob/master/sysmonconfig-export.xml)

blueteamsec exchange iis process server servers sigma

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

How To: Use UFW(Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a … 9 hours ago | www.reddit.com

blueteamsec check connections easy +8

Discover Proton Mail registration date with one weird trick… 1 day, 4 hours ago | www.reddit.com

blueteamsec date discover mail +5

NATO Deputy Secretary General: we must be big on cyber defence ambitions 1 day, 7 hours ago | www.reddit.com

big blueteamsec cyber cyber defence +4

YARA is dead, long live YARA-X 1 day, 7 hours ago | www.reddit.com

blueteamsec dead live yara

BSI is suing Microsoft to release information about security disasters 1 day, 12 hours ago | www.reddit.com

blueteamsec bsi disasters information +3

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets 2 days, 9 hours ago | www.reddit.com

azure blueteamsec employee expose +6

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID 2 days, 9 hours ago | www.reddit.com

blueteamsec cleaning icedid latrodectus +1

Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia 2 days, 11 hours ago | www.reddit.com

australia blueteamsec dns domains +6

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule 3 days, 9 hours ago | www.reddit.com

blueteamsec denial of service down filter +4

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France

View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom

View on infosec-jobs.com