file_access | Detection.FYI

Suspicious Access To Browser Credential Files
Apr 3, 2023 · attack.t1003 attack.credential_access ·
Share on:
Detects suspicious processes based on name and location that access the browser credential stores which can be the sign of credential stealing

Read More
Credential Manager Access
Feb 17, 2023 · attack.t1003 attack.credential_access ·
Share on:
Detects suspicious processes based on name and location that access the windows credential manager and vault. Which can be a sign of credential stealing. Example case would be usage of mimikatz "dpapi::cred" function

Read More
Suspicious Access To Windows Credential History File
Feb 17, 2023 · attack.credential_access attack.t1555.004 ·
Share on:
Detects suspicious processes based on name and location that access the Windows Credential History File. Which can be a sign of credential stealing. Example case would be usage of mimikatz "dpapi::credhist" function

Read More
Suspicious Access To Windows DPAPI Master Keys
Feb 17, 2023 · attack.credential_access attack.t1555.004 ·
Share on:
Detects suspicious processes based on name and location that access the Windows Data Protection API Master keys. Which can be a sign of credential stealing. Example case would be usage of mimikatz "dpapi::masterkey" function

Read More