SID 1:648

Report a false positive

Rule Category

INDICATOR-SHELLCODE --

Alert Message

INDICATOR-SHELLCODE x86 NOOP

Rule Explanation

This rule checks for the presence of shellcode noop that can be used for exploitation

What To Look For

This rule alerts on shellcode noop

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Privilege Escalation::Process Injection

Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

None