A detection rule for the potential exploitation of CVE-2024-56520 an unauthenticated command injection in Progress Kemp LoadMaster.

It needs to look for GET requests to '/access/set' API with the parameters 'param=enableapi' and 'value=1' as well as an "Authorization" header with a base64 encoded value with an uncommon character.

It uses MITRE ATT&CK techniques T1547 and T1190.