Update win_impacket_psexec.yml

Open amjcyber opened this issue 3 years ago • 1 comments

Based on recent tests, the original RelativeTargetName from this rule are not accurate. The last "t" from each selection must be deleted in order to detect the predefined impacket psexec behavior.

Sep 18 '22 13:09 amjcyber

Hi , Good catch modified must be update to 2022/09/18 contains can be change to endswith as the parttern is " *-stdin or *-stdout or *-stderr"

$frack113 avatar$ Sep 18 '22 15:09 frack113