Yara Rule - Detects log entries that could indicate a successful exploitation of CVE-2023-29357 on Microsoft SharePoint servers
Yara definition.
Author: Florian Roth (with help from @LuemmelSec)
```yara
date = "2023-09-28"
modified = "2023-09-29"
score = 70
$xr1 = /GET \/_vti_bin\/client\.svc\/web\/(siteusers|currentuser) - (80|443) .{10,200} python-requests\/[0-9\.]{3,8} - [^4]/
```
[https://github.com/Neo23x0/signature-base/commit/082373da99dcb85783941ea718bb0b452108ed10](https://github.com/Neo23x0/signature-base/commit/082373da99dcb85783941ea718bb0b452108ed10)
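To see what the `$xr1` pattern does and does not flag, the following added example (not part of the rule or the signature-base repository) runs the same regex, transcribed to Python syntax, over constructed IIS log lines. It assumes the default IIS W3C field order; `find_hits`, `FIELDS` and the sample lines are illustrative names and data. Note that the trailing `[^4]` only excludes 4xx responses, so a 5xx response is reported as well.

```python
import re

# The rule's $xr1 pattern, transcribed from YARA regex syntax to Python.
XR1 = re.compile(
    r"GET /_vti_bin/client\.svc/web/(siteusers|currentuser) - (80|443) "
    r".{10,200} python-requests/[0-9.]{3,8} - [^4]"
)

# Assumption: default IIS W3C field order. Check the "#Fields:" header of
# the real log, because a different order changes what the regex lines up with.
FIELDS = (
    "date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
    "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus "
    "sc-win32-status time-taken"
).split()

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-09-28 10:15:02 10.0.0.5 GET /_vti_bin/client.svc/web/siteusers - 443 - 203.0.113.7 python-requests/2.28.1 - 200 0 0 120
2023-09-28 10:15:03 10.0.0.5 GET /_vti_bin/client.svc/web/currentuser - 80 - 203.0.113.7 python-requests/2.28.1 - 500 0 0 95
2023-09-28 10:15:04 10.0.0.5 GET /_vti_bin/client.svc/web/siteusers - 443 - 198.51.100.9 python-requests/2.31.0 - 401 0 0 15
2023-09-28 10:16:10 10.0.0.5 GET /_vti_bin/client.svc/web/currentuser - 443 - 192.0.2.44 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 80
2023-09-28 10:17:00 10.0.0.5 GET /_layouts/15/start.aspx - 443 - 203.0.113.7 python-requests/2.28.1 - 200 0 0 60
"""


def find_hits(log_text):
    """Return one record per log line that the $xr1 pattern matches."""
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#"):  # skip W3C header directives
            continue
        match = XR1.search(line)
        if match is None:
            continue
        rec = dict(zip(FIELDS, line.split(" ")))
        hits.append({
            "time": rec["date"] + " " + rec["time"],
            "client": rec["c-ip"],
            "endpoint": match.group(1),
            "status": rec["sc-status"],
        })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```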