Update win_smbclient_connectivity_exploit_cve_2023_23397_outlook_remote_file.yml

Author: nasbench

rules-emerging-threats/2023/Exploits/CVE-2023-23397/win_smbclient_connectivity_exploit_cve_2023_23397_outlook_remote_file.yml

@@ -4,6 +4,7 @@ status: test
 description: Detects (failed) outbound connection attempts to internet facing SMB servers. This could be a sign of potential exploitation attempts of CVE-2023-23397.
 references:
     - https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/
+    - https://github.com/nasbench/Misc-Research/blob/main/ETW/Microsoft-Windows-SMBClient.md
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023-04-05
 modified: 2025-04-07