Detects POST requests to the F5 BIG-IP iControl Rest API "bash" endpoint, which allows the execution of commands on the BIG-IP

Read More

Detects XSS attempts injected via GET requests in access logs

Read More

Detects possible Java payloads in web access logs

Read More

Detects exploitation attempt using the JNDI-Exploit-Kit

Read More

Detects path traversal exploitation attempts

Read More

Detects SSTI attempts sent via GET requests in access logs

Read More

Detects source code enumeration that use GET requests by keyword searches in URL strings

Read More

Detects potential SQL injection attempts via GET requests in access logs.

Read More

When IIS uses an old .Net Framework it's possible to enumerate folders with the symbol "~"

Read More

Detects known suspicious (default) user-agents related to scanning/recon tools

Read More

Detects suspicious Windows strings in URI which could indicate possible exfiltration or webshell communication

Read More

Certain strings in the uri_query field when combined with null referer and null user agent can indicate activity associated with the webshell ReGeorg.

Read More

Detects common commands used in Windows webshells

Read More