See matching posts in thread - Access-Control-Allow...
See matching posts in thread - multiple Access-Control-......Hell...
See matching posts in thread - CORS header 'Access-Control-...
See matching posts in thread - No 'Access-Control-Allo...
See matching posts in thread - Cross-Origin Request Blocked - ...
See matching posts in thread - COMMAND CENTER API + Access-Control...
Depending on the policies in place on your endpoints, this method may allow for an adversary to bypass application white-listing configurations. False Positives : Low Recommended Score: Number (1-100) 75 Query: process name:msiexec.exe cmdline:"/i" (cmdline:"http:" OR cmdline:"https:") URL Query: cb.urlver=1&q=(process name%3Amsiexec.exe%20cmdline%3A%22%2Fi%22%20(cmdline%3A%22http%3A%22%20OR%20cmdline%3A%22https%3A%22))
3 Comments - no search term matches found in comments.
See matching posts in thread - No Access-Control-Allow...
Supporting Link: Threat: Query is looking for usage of net.exe or net1.exe command to view domain admins, groups and the like to spread laterally False Positives : Nil but there could be legit admin usage Recommended Score: Number (1-100) 99 Query (example): (process name:net.exe OR process name:net1.exe) AND (cmdline:"group /domain \"Domain Admins\"" OR cmdline:"group /domain \"Enterprise Admins\"" OR cmdline:"group /domain \"Enterprise Administrators\"" OR cmdline:"group /domain \"Domain Administrators\"" OR cmdline:"view /domain" OR cmdline:"localgroup /domain \"Administrators\"" OR cmdline:"localgroup /domain \"Account Operators\"") URL Query (example) : cb.urlver=1&q=((process name%3Anet.exe%20OR%20process name%3Anet1.exe)%20AND%20(cmdline%3A%22group%20%2Fdomain%20%5C%22Domain%20Admins%5C%22%22%20OR%20cmdline%3A%22group%20%2Fdomain%20%5C%22Enterprise%20Admins%5C%22%22%20OR%20cmdline%3A%22group%20%2Fdomain%20%5C%22Enterprise%20Administrators%5C%22%22%20OR%20cmdline%3A%22group%20%2Fdomain%20%5C%22Domain%20Administrators%5C%22%22%20OR%20cmdline%3A%22view%20%2Fdomain%22%20OR%20cmdline%3A%22localgroup%20%2Fdomain%20%5C%22Administrators%5C%22%22%20OR%20cmdline%3A%22localgroup%20%2Fdomain%20%5C%22Account%20Operators%5C%22%22))&sort=&rows=10&start=0 Be sure to set the correct Category below and add Tags that are appropriate
\pipe\") OR (filemod:*\appdata\local\temp\*.dll AND netconn count:[1 TO *] AND -digsig result:"Signed")) URL Query (example) : cb.urlver=1&q=((cmdline%3A%22%2Fc%20echo%22%20AND%20cmdline%3A%22%5C%5C.%5Cpipe%5C%22)%20OR%20(filemod%3A*%5Cappdata%5Clocal%5Ctemp%5C*.dll%20AND%20netconn count%3A%5B1%20TO%20*%5D%20AND%20-digsig result%3A%22Signed%22))&sort=&rows=10&start=0&shared=true Cb Process Tree (attach CB Art here if you have it) (example) : Be sure to set the correct Category below and add Tags that are appropriate