Techniques
Sample rules
Weak or Abused Passwords In CLI
- source: sigma
- techniques:
Description
Detects weak or frequently abused passwords (seen used by threat actors) supplied on the command line. An example would be a threat actor creating a new user via the net command and providing the password inline.
Detection logic
condition: selection
selection:
  CommandLine|contains:
    - '123456789'
    - 123123qwE
    - Asd123.aaaa
    - Decryptme
    - P@ssw0rd!
    - Pass8080
    - password123
    - test@202
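
The selection above, evaluated over process-creation events. This is an added example, not part of the Sigma rule or its project. It assumes the Sigma default that `contains` is a case-insensitive substring match with list values OR-ed together. The events, account names and the report.exe tool are constructed for illustration.

```python
# Values copied from the rule's CommandLine|contains list.
WEAK_PASSWORDS = [
    "123456789", "123123qwE", "Asd123.aaaa", "Decryptme",
    "P@ssw0rd!", "Pass8080", "password123", "test@202",
]


def matched_values(command_line, needles=WEAK_PASSWORDS):
    """Return the rule values found in command_line.

    Assumes Sigma's default string matching: case-insensitive substring,
    with any single list value being enough to satisfy the selection.
    """
    haystack = command_line.lower()
    return [n for n in needles if n.lower() in haystack]


def evaluate(events):
    """Return (event, hits) pairs for events meeting `condition: selection`."""
    results = []
    for event in events:
        hits = matched_values(event.get("CommandLine", ""))
        if hits:
            results.append((event, hits))
    return results


# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    # Inline password on account creation, the case the description names.
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user svc_backup P@ssw0rd! /add"},
    # Same idea with different casing: still matches.
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user helpdesk PASSWORD123 /add"},
    # No inline password: no match.
    {"Image": r"C:\Windows\System32\net.exe",
     "CommandLine": "net user helpdesk /active:yes"},
    # Benign false positive: '123456789' is a substring of a longer number.
    {"Image": r"C:\Tools\report.exe",
     "CommandLine": "report.exe --ticket 1234567890"},
]

if __name__ == "__main__":
    for event, hits in evaluate(SAMPLE_EVENTS):
        print(f"MATCH {hits} <- {event['Image']}: {event['CommandLine']}")
```

The last event shows why this rule benefits from triage context such as the parent process and the Image path: short numeric values match inside unrelated arguments.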