Detects suspicious processes, based on name and location, that access the browser credential stores, which can be a sign of credential stealing.
Detects suspicious processes, based on name and location, that access the Windows Credential Manager and Vault, which can be a sign of credential stealing. An example case would be use of the mimikatz "dpapi::cred" function.
Detects suspicious processes, based on name and location, that access the Windows Credential History File, which can be a sign of credential stealing. An example case would be use of the mimikatz "dpapi::credhist" function.
Detects suspicious processes, based on name and location, that access the Windows Data Protection API master keys, which can be a sign of credential stealing. An example case would be use of the mimikatz "dpapi::masterkey" function.