cve.2021.34527 | Detection.FYI

Windows Spooler Service Suspicious Binary Load
Oct 26, 2022 · attack.persistence attack.defense_evasion attack.privilege_escalation attack.t1574 cve.2021.1675 cve.2021.34527 ·
Share on:
Detect DLL Load from Spooler Service backup folder

Read More
Possible PrintNightmare Print Driver Install
Oct 25, 2022 · attack.execution cve.2021.1678 cve.2021.1675 cve.2021.34527 ·
Share on:
Detects the remote installation of a print driver which is possible indication of the exploitation of PrintNightmare (CVE-2021-1675). The occurrence of print drivers being installed remotely via RPC functions should be rare, as print drivers are normally installed locally and or through group policy.

Read More
PrinterNightmare Mimimkatz Driver Name
Oct 9, 2022 · attack.execution attack.t1204 cve.2021.1675 cve.2021.34527 ·
Share on:
Detects static QMS 810 and mimikatz driver name used by Mimikatz as exploited in CVE-2021-1675 and CVE-2021-34527

Read More