Dumpper-jumpstart ✨ 🔖

rule Dumpper_Jumpstart strings: $s1 = "netsh wlan show profiles" wide ascii $s2 = "WPS PIN" wide ascii $s3 = "Jumpstart" wide ascii $s4 = "default password list" wide ascii condition: (uint16(0) == 0x5A4D) and (any of ($s1,$s2,$s3,$s4))

6.5/10 High risk if user has admin rights + router has WPS enabled + default credentials unchanged. End of Report dumpper-jumpstart