Skip to content

feat: potential dll side-loading attempt by java process #5544

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 14, 2025
Merged

feat: potential dll side-loading attempt by java process #5544

merged 4 commits into from
Aug 14, 2025

Conversation

swachchhanda000
Copy link
Collaborator

Summary of the Pull Request

Changelog

new: Potential JLI.dll Side-Loading By Java Process

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added Rules Windows Pull request add/update windows related rules labels Jul 25, 2025
phantinuss
phantinuss approved these changes Jul 28, 2025
View reviewed changes
swachchhanda000 and others added 2 commits July 28, 2025 18:51
@swachchhanda000 @phantinuss
Update rules/windows/image_load/image_load_side_load_java_jli.yml
133b1d6 
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
@swachchhanda000
fix: trainiling space issue
51dbf4e
@phantinuss phantinuss added the 2nd Review Needed PR need a second approval label Jul 29, 2025
@frack113 frack113 added Ready to Merge and removed 2nd Review Needed PR need a second approval labels Aug 14, 2025
nasbench
nasbench approved these changes Aug 14, 2025
View reviewed changes
Copy link
Member

@nasbench nasbench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made some changes the title/description as the rule does not specify java, instead it looks for any sideloading of jli

@nasbench nasbench merged commit eeca352 into SigmaHQ:master Aug 14, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phantinuss phantinuss phantinuss approved these changes

@nasbench nasbench nasbench approved these changes

@frack113 frack113 frack113 approved these changes

Assignees
No one assigned
Labels
Ready to Merge Rules Windows Pull request add/update windows related rules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@swachchhanda000 @nasbench @frack113 @phantinuss