Create new rule - Potential SSH Tunnel Persistence Install Using A Scheduled Task #5146

Open
wants to merge 7 commits into
base: master
Update proc_creation_win_schtasks_openssh_tunnelling.yml
Updated spelling mistake
resp404nse committed Dec 30, 2024

commit 2c5fa2eab6b7f55f3bdbaeaa469174a46c0930f3
@@ -1,4 +1,4 @@
title: Potential SSH Tunnel Persistance Install Using A Scheduled Task
title: Potential SSH Tunnel Persistence Install Using A Scheduled Task
id: 2daa93a0-a5fb-41c5-8cd8-3c11294bfd1f
status: experimental
description: Detects the creation of new scheduled tasks via commandline, using Schtasks.exe. This rule detects tasks creating that call OpenSSH, which may indicate the creation of Reverse SSH Tunnel to an attackers server.
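Review bot: The description line at the end of this hunk still has wording problems that this spelling pass leaves in place. "tasks creating that call OpenSSH" should read something like "task creation that calls OpenSSH", "the creation of Reverse SSH Tunnel" is missing an article ("a reverse SSH tunnel"), and "an attackers server" is missing the possessive apostrophe ("an attacker's server"). Since the title typo is being corrected here, fix the description in the same commit so the rule metadata is consistent.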