Techniques
Sample rules
Add Debugger Entry To Hangs Key For Persistence
- source: sigma
- techniques:
Description
Detects when an attacker adds a new “Debugger” value to the “Hangs” key to achieve persistence; the configured debugger is invoked when an application crashes.
Detection logic
condition: selection
selection:
  TargetObject|contains: \SOFTWARE\Microsoft\Windows\Windows Error Reporting\Hangs\Debugger