Cisco BGP Authentication Failures
Dec 1, 2023
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Cisco LDP Authentication Failures
Dec 1, 2023
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Copy Passwd Or Shadow From TMP Path
Dec 1, 2023
attack.credential_access
attack.t1552.001

Github High Risk Configuration Disabled
Dec 1, 2023
attack.credential_access
attack.defense_evasion
attack.persistence
attack.t1556

HackTool - HandleKatz LSASS Dumper Execution
Dec 1, 2023
attack.credential_access
attack.t1003.001

HackTool - Inveigh Execution
Dec 1, 2023
attack.credential_access
attack.t1003.001

HackTool - KrbRelay Execution
Dec 1, 2023
attack.credential_access
attack.t1558.003

HackTool - KrbRelayUp Execution
Dec 1, 2023
attack.credential_access
attack.t1558.003
attack.lateral_movement
attack.t1550.003

HackTool - SafetyKatz Execution
Dec 1, 2023
attack.credential_access
attack.t1003.001

Huawei BGP Authentication Failures
Dec 1, 2023
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Juniper BGP Missing MD5
Dec 1, 2023
attack.initial_access
attack.persistence
attack.privilege_escalation
attack.defense_evasion
attack.credential_access
attack.collection
attack.t1078
attack.t1110
attack.t1557

Microsoft IIS Service Account Password Dumped
Dec 1, 2023
attack.credential_access
attack.t1003

Mount Execution With Hidepid Parameter
Dec 1, 2023
attack.credential_access
attack.t1564

New Generic Credentials Added Via Cmdkey.EXE
Dec 1, 2023
attack.credential_access
attack.t1003.005

Potential Credential Dumping Attempt Using New NetworkProvider - CLI
Dec 1, 2023
attack.credential_access
attack.t1003

Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
Dec 1, 2023
attack.credential_access
attack.t1003.005

SQLite Chromium Profile Data DB Access
Dec 1, 2023
attack.credential_access
attack.t1539
attack.t1555.003
attack.collection
attack.t1005

SQLite Firefox Profile Data DB Access
Dec 1, 2023
attack.credential_access
attack.t1539
attack.collection
attack.t1005

Suspicious Hacktool Execution - Imphash
Dec 1, 2023
attack.credential_access
attack.t1588.002
attack.t1003

Suspicious Hacktool Execution - PE Metadata
Dec 1, 2023
attack.credential_access
attack.t1588.002
attack.t1003

Potentially Suspicious EventLog Recon Activity Using Log Query Utilities
Nov 20, 2023
attack.credential_access
attack.discovery
attack.t1552

Findstr GPP Passwords
Nov 15, 2023
attack.credential_access
attack.t1552.006

LSASS Process Reconnaissance Via Findstr.EXE
Nov 15, 2023
attack.credential_access
attack.t1552.006

Permission Misconfiguration Reconnaissance Via Findstr.EXE
Nov 15, 2023
attack.credential_access
attack.t1552.006

NotPetya Ransomware Activity
Nov 10, 2023
attack.defense_evasion
attack.t1218.011
attack.t1070.001
attack.credential_access
attack.t1003.001
car.2016-04-002
detection.emerging_threats

AADInternals PowerShell Cmdlets Execution - ProccessCreation
Nov 2, 2023
attack.execution
attack.reconnaissance
attack.discovery
attack.credential_access
attack.impact

AADInternals PowerShell Cmdlets Execution - PsScript
Nov 2, 2023
attack.execution
attack.reconnaissance
attack.discovery
attack.credential_access
attack.impact

Browser Started with Remote Debugging
Nov 2, 2023
attack.credential_access
attack.t1185

Microsoft IIS Connection Strings Decryption
Nov 2, 2023
attack.credential_access
attack.t1003

Potential Data Stealing Via Chromium Headless Debugging
Nov 2, 2023
attack.credential_access
attack.t1185

Potential Keylogger Activity
Nov 2, 2023
attack.collection
attack.credential_access
attack.t1056.001

Potential Remote Credential Dumping Activity
Nov 2, 2023
attack.credential_access
attack.t1003

Potential SAM Database Dump
Nov 2, 2023
attack.credential_access
attack.t1003.002

Potential Suspicious Activity Using SeCEdit
Nov 2, 2023
attack.discovery
attack.persistence
attack.defense_evasion
attack.credential_access
attack.privilege_escalation
attack.t1562.002
attack.t1547.001
attack.t1505.005
attack.t1556.002
attack.t1562
attack.t1574.007
attack.t1564.002
attack.t1546.008
attack.t1546.007
attack.t1547.014
attack.t1547.010
attack.t1547.002
attack.t1557
attack.t1082

Adding, Listing and Removing Credentials via Cmdkey CommandLine Ultility
Oct 30, 2023
attack.credential_access
attack.t1003.005

Access To Browser Credential Files By Uncommon Application
Oct 28, 2023
attack.t1003
attack.credential_access

Use of Legacy Authentication Protocols
Oct 28, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110

New Okta User Created
Oct 28, 2023
attack.credential_access

Okta 2023 Breach Indicator Of Compromise
Oct 28, 2023
attack.credential_access
detection.emerging_threats

Okta Admin Functions Access Through Proxy
Oct 28, 2023
attack.credential_access

Potential Okta Password in AlternateID Field
Oct 28, 2023
attack.credential_access
attack.t1552

CVE-2021-31979 CVE-2021-33771 Exploits by Sourgum
Oct 26, 2023
attack.credential_access
attack.t1566
attack.t1203
cve.2021.33771
cve.2021.31979
detection.emerging_threats

GALLIUM Artefacts - Builtin
Oct 26, 2023
attack.credential_access
attack.command_and_control
attack.t1071
detection.emerging_threats

Potential SPN Enumeration Via Setspn.EXE
Oct 23, 2023
attack.credential_access
attack.t1558.003

LSASS Process Memory Dump Creation Via Taskmgr.EXE
Oct 19, 2023
attack.credential_access
attack.t1003.001

Active Directory Replication from Non Machine Account
Oct 18, 2023
attack.credential_access
attack.t1003.006

Anonymous IP Address
Oct 18, 2023
attack.t1528
attack.credential_access

Antivirus Password Dumper Detection
Oct 18, 2023
attack.credential_access
attack.t1003
attack.t1558
attack.t1003.001
attack.t1003.002

Capture Credentials with Rpcping.exe
Oct 18, 2023
attack.credential_access
attack.t1003

Cred Dump Tools Dropped Files
Oct 18, 2023
attack.credential_access
attack.t1003.001
attack.t1003.002
attack.t1003.003
attack.t1003.004
attack.t1003.005

CredUI.DLL Loaded By Uncommon Process
Oct 18, 2023
attack.credential_access
attack.collection
attack.t1056.002

Enumeration for Credentials in Registry
Oct 18, 2023
attack.credential_access
attack.t1552.002

External Remote RDP Logon from Public IP
Oct 18, 2023
attack.initial_access
attack.credential_access
attack.t1133
attack.t1078
attack.t1110

External Remote SMB Logon from Public IP
Oct 18, 2023
attack.initial_access
attack.credential_access
attack.t1133
attack.t1078
attack.t1110

GALLIUM IOCs
Oct 18, 2023
attack.credential_access
attack.command_and_control
attack.t1212
attack.t1071
attack.g0093
detection.emerging_threats

HackTool - Mimikatz Execution
Oct 18, 2023
attack.credential_access
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006

HackTool - Rubeus Execution
Oct 18, 2023
attack.credential_access
attack.t1003
attack.t1558.003
attack.lateral_movement
attack.t1550.003

HackTool - Windows Credential Editor (WCE) Execution
Oct 18, 2023
attack.credential_access
attack.t1003.001
attack.s0005

LSASS Dump Keyword In CommandLine
Oct 18, 2023
attack.credential_access
attack.t1003.001

LSASS Memory Dump
Oct 18, 2023
attack.credential_access
attack.t1003.001
attack.s0002

MSSQL Server Failed Logon From External Network
Oct 18, 2023
attack.credential_access
attack.t1110

Possible Shadow Credentials Added
Oct 18, 2023
attack.credential_access
attack.t1556

Potential Browser Data Stealing
Oct 18, 2023
attack.credential_access
attack.t1555.003

Potential Credential Dumping Attempt Using New NetworkProvider - REG
Oct 18, 2023
attack.credential_access
attack.t1003

Private Keys Reconnaissance Via CommandLine Tools
Oct 18, 2023
attack.credential_access
attack.t1552.004

Process Memory Dump Via Comsvcs.DLL
Oct 18, 2023
attack.defense_evasion
attack.credential_access
attack.t1036
attack.t1003.001
car.2013-05-009

RottenPotato Like Attack Pattern
Oct 18, 2023
attack.privilege_escalation
attack.credential_access
attack.t1557.001

Shadow Copies Creation Using Operating Systems Utilities
Oct 18, 2023
attack.credential_access
attack.t1003
attack.t1003.002
attack.t1003.003

Suspicious Outbound Kerberos Connection
Oct 18, 2023
attack.credential_access
attack.t1558
attack.lateral_movement
attack.t1550.003

Suspicious SYSTEM User Process Creation
Oct 18, 2023
attack.credential_access
attack.defense_evasion
attack.privilege_escalation
attack.t1134
attack.t1003
attack.t1027

Suspicious Usage Of Active Directory Diagnostic Tool (ntdsutil.exe)
Oct 18, 2023
attack.credential_access
attack.t1003.003

Typical HiveNightmare SAM File Export
Oct 18, 2023
attack.credential_access
attack.t1552.001
cve.2021.36934

Added Owner To Application
Oct 17, 2023
attack.t1552
attack.credential_access

App Granted Microsoft Permissions
Oct 17, 2023
attack.credential_access
attack.t1528

Application AppID Uri Configuration Changes
Oct 17, 2023
attack.persistence
attack.credential_access
attack.privilege_escalation
attack.t1552
attack.t1078.004

Application URI Configuration Changes
Oct 17, 2023
attack.t1528
attack.t1078.004
attack.persistence
attack.credential_access
attack.privilege_escalation

Audit CVE Event
Oct 17, 2023
attack.execution
attack.t1203
attack.privilege_escalation
attack.t1068
attack.defense_evasion
attack.t1211
attack.credential_access
attack.t1212
attack.lateral_movement
attack.t1210
attack.impact
attack.t1499.004

Azure AD Only Single Factor Authentication Required
Oct 17, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1556.006

Azure Key Vault Modified or Deleted
Oct 17, 2023
attack.impact
attack.credential_access
attack.t1552
attack.t1552.001

Azure Keyvault Key Modified or Deleted
Oct 17, 2023
attack.impact
attack.credential_access
attack.t1552
attack.t1552.001

Azure Keyvault Secrets Modified or Deleted
Oct 17, 2023
attack.impact
attack.credential_access
attack.t1552
attack.t1552.001

Azure Kubernetes Admission Controller
Oct 17, 2023
attack.persistence
attack.t1078
attack.credential_access
attack.t1552
attack.t1552.007

Azure Kubernetes Network Policy Change
Oct 17, 2023
attack.impact
attack.credential_access

Azure Kubernetes RoleBinding/ClusterRoleBinding Modified and Deleted
Oct 17, 2023
attack.impact
attack.credential_access

CrackMapExec File Creation Patterns
Oct 17, 2023
attack.credential_access
attack.t1003.001

Credential Dumping Tools Service Execution - System
Oct 17, 2023
attack.credential_access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005

Delegated Permissions Granted For All Users
Oct 17, 2023
attack.credential_access
attack.t1528

End User Consent
Oct 17, 2023
attack.credential_access
attack.t1528

End User Consent Blocked
Oct 17, 2023
attack.credential_access
attack.t1528

Enumeration for 3rd Party Creds From CLI
Oct 17, 2023
attack.credential_access
attack.t1552.002

Failed Authentications From Countries You Do Not Operate Out Of
Oct 17, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110

Google Cloud Kubernetes Admission Controller
Oct 17, 2023
attack.persistence
attack.t1078
attack.credential_access
attack.t1552
attack.t1552.007

KrbRelayUp Attack Pattern
Oct 17, 2023
attack.privilege_escalation
attack.credential_access

Linux Recon Indicators
Oct 17, 2023
attack.reconnaissance
attack.t1592.004
attack.credential_access
attack.t1552.001

LSASS Access Detected via Attack Surface Reduction
Oct 17, 2023
attack.credential_access
attack.t1003.001

LSASS Access from Non System Account
Oct 17, 2023
attack.credential_access
attack.t1003.001

LSASS Process Dump Artefact In CrashDumps Folder
Oct 17, 2023
attack.credential_access
attack.t1003.001

Mimikatz DC Sync
Oct 17, 2023
attack.credential_access
attack.s0002
attack.t1003.006

Multifactor Authentication Interrupted
Oct 17, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110
attack.t1621

Ntdsutil Abuse
Oct 17, 2023
attack.credential_access
attack.t1003.003

Password Reset By User Account
Oct 17, 2023
attack.persistence
attack.credential_access
attack.t1078.004

PetitPotam Suspicious Kerberos TGT Request
Oct 17, 2023
attack.credential_access
attack.t1187

Possible DC Shadow Attack
Oct 17, 2023
attack.credential_access
attack.t1207

Possible Impacket SecretDump Remote Activity
Oct 17, 2023
attack.credential_access
attack.t1003.002
attack.t1003.004
attack.t1003.003

Possible PetitPotam Coerce Authentication Attempt
Oct 17, 2023
attack.credential_access
attack.t1187

Potential Credential Dumping Attempt Via PowerShell
Oct 17, 2023
attack.credential_access
attack.t1003.001

Potential Credential Dumping Attempt Via PowerShell Remote Thread
Oct 17, 2023
attack.credential_access
attack.t1003.001

Potential Credential Dumping Via LSASS SilentProcessExit Technique
Oct 17, 2023
attack.credential_access
attack.t1003.001

Potential Credential Dumping Via WER
Oct 17, 2023
attack.credential_access
attack.t1003.001

Potential Credential Dumping Via WER - Application
Oct 17, 2023
attack.credential_access
attack.t1003.001

Potential Invoke-Mimikatz PowerShell Script
Oct 17, 2023
attack.credential_access
attack.t1003

Powershell Install a DLL in System Directory
Oct 17, 2023
attack.credential_access
attack.t1556.002

Process Access via TrolleyExpress Exclusion
Oct 17, 2023
attack.defense_evasion
attack.t1218.011
attack.credential_access
attack.t1003.001

Rare GrantedAccess Flags on LSASS Access
Oct 17, 2023
attack.credential_access
attack.t1003.001
attack.s0002

Replay Attack Detected
Oct 17, 2023
attack.credential_access
attack.t1558

Sign-in Failure Due to Conditional Access Requirements Not Met
Oct 17, 2023
attack.initial_access
attack.credential_access
attack.t1110
attack.t1078.004

Successful Authentications From Countries You Do Not Operate Out Of
Oct 17, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110

Suspicious File Event With Teams Objects
Oct 17, 2023
attack.credential_access
attack.t1528

Suspicious Kerberos RC4 Ticket Encryption
Oct 17, 2023
attack.credential_access
attack.t1558.003

Suspicious LSASS Access Via MalSecLogon
Oct 17, 2023
attack.credential_access
attack.t1003.001

Suspicious Office Token Search Via CLI
Oct 17, 2023
attack.credential_access
attack.t1528

Suspicious Serv-U Process Pattern
Oct 17, 2023
attack.credential_access
attack.t1555
cve.2021.35211

Suspicious Teams Application Related ObjectAcess Event
Oct 17, 2023
attack.credential_access
attack.t1528

User with Privileges Logon
Oct 17, 2023
attack.defense_evasion
attack.lateral_movement
attack.credential_access
attack.t1558
attack.t1649
attack.t1550

VSSAudit Security Event Source Registration
Oct 17, 2023
attack.credential_access
attack.t1003.002

WerFault LSASS Process Memory Dump
Oct 17, 2023
attack.credential_access
attack.t1003.001

Windows Credential Manager Access via VaultCmd
Oct 17, 2023
attack.credential_access
attack.t1555.004

Account Lockout
Oct 12, 2023
attack.credential_access
attack.t1110

AWS Route 53 Domain Transfer Lock Disabled
Oct 12, 2023
attack.persistence
attack.credential_access
attack.t1098

AWS Route 53 Domain Transferred to Another Account
Oct 12, 2023
attack.persistence
attack.credential_access
attack.t1098

Change to Authentication Method
Oct 12, 2023
attack.credential_access
attack.t1556
attack.persistence
attack.defense_evasion
attack.t1098

Google Cloud Kubernetes RoleBinding
Oct 12, 2023
attack.credential_access

Google Cloud Kubernetes Secrets Modified or Deleted
Oct 12, 2023
attack.credential_access

Multifactor Authentication Denied
Oct 12, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110
attack.t1621

Potential MFA Bypass Using Legacy Client Authentication
Oct 12, 2023
attack.initial_access
attack.credential_access
attack.t1078.004
attack.t1110

User Access Blocked by Azure Conditional Access
Oct 12, 2023
attack.credential_access
attack.initial_access
attack.t1110
attack.t1078.004

Potentially Suspicious AccessMask Requested From LSASS
Oct 12, 2023
attack.credential_access
car.2019-04-004
attack.t1003.001

MSSQL Server Failed Logon
Oct 11, 2023
attack.credential_access
attack.t1110

Copy .DMP/.DUMP Files From Remote Share Via Cmd.EXE
Oct 4, 2023
attack.credential_access

Time Travel Debugging Utility Usage - Image
Oct 4, 2023
attack.defense_evasion
attack.credential_access
attack.t1218
attack.t1003.001

Unsigned Image Loaded Into LSASS Process
Oct 4, 2023
attack.credential_access
attack.t1003.001

Access To Windows Credential History File By Uncommon Application
Sep 15, 2023
attack.credential_access
attack.t1555.004

Access To Windows DPAPI Master Keys By Uncommon Application
Sep 15, 2023
attack.credential_access
attack.t1555.004

Credential Manager Access By Uncommon Application
Sep 15, 2023
attack.t1003
attack.credential_access

LSASS Process Memory Dump Files
Sep 13, 2023
attack.credential_access
attack.t1003.001

Primary Refresh Token Access Attempt
Sep 11, 2023
attack.t1528
attack.credential_access

Potential Credential Dumping Via LSASS Process Clone
Sep 7, 2023
attack.credential_access
attack.t1003
attack.t1003.001

Anomalous Token
Sep 6, 2023
attack.t1528
attack.credential_access

Password Spray Activity
Sep 6, 2023
attack.t1110
attack.credential_access

SAML Token Issuer Anomaly
Sep 6, 2023
attack.t1606
attack.credential_access

Possible Impacket Secretsdump.py Activity
Sep 1, 2023
attack.s0357
attack.credential_access
attack.t1003
attack.t1003.003
attack.t1003.006

Certificate Exported Via PowerShell
Aug 28, 2023
attack.credential_access
attack.execution
attack.t1552.004
attack.t1059.001

HackTool - CrackMapExec Execution
Aug 28, 2023
attack.execution
attack.persistence
attack.privilege_escalation
attack.credential_access
attack.discovery
attack.t1047
attack.t1053
attack.t1059.003
attack.t1059.001
attack.t1110
attack.t1201

CVE-2021-31979 CVE-2021-33771 Exploits
Aug 17, 2023
attack.credential_access
attack.t1566
attack.t1203
cve.2021.33771
cve.2021.31979
detection.emerging_threats

Lsass Full Dump Request Via DumpType Registry Settings
Aug 17, 2023
attack.credential_access
attack.t1003.001

Credential Dumping Tools Service Execution
Aug 7, 2023
attack.credential_access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005

Credential Dumping Tools Service Execution - Security
Aug 7, 2023
attack.credential_access
attack.execution
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
attack.t1569.002
attack.s0005

HackTool - Credential Dumping Tools Named Pipe Created
Aug 7, 2023
attack.credential_access
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005

HackTool - Koh Default Named Pipe
Aug 7, 2023
attack.privilege_escalation
attack.credential_access
attack.t1528
attack.t1134.001

Remote Thread Creation In Mstsc.Exe From Suspicious Location
Jul 28, 2023
attack.credential_access

PktMon.EXE Execution
Jul 13, 2023
attack.credential_access
attack.t1040

Credential Dumping Tools Accessing LSASS Memory
Jun 26, 2023
attack.credential_access
attack.t1003.001
attack.s0002
car.2019-04-004

HackTool - Rubeus Execution - ScriptBlock
Jun 26, 2023
attack.credential_access
attack.t1003
attack.t1558.003
attack.lateral_movement
attack.t1550.003

LSASS Access From Program in Potentially Suspicious Folder
Jun 26, 2023
attack.credential_access
attack.t1003.001
attack.s0002

Suspicious GrantedAccess Flags on LSASS Access
Jun 26, 2023
attack.credential_access
attack.t1003.001
attack.s0002

Volume Shadow Copy Mount
Jun 21, 2023
attack.credential_access
attack.t1003.002

APT31 Judgement Panda Activity
Jun 20, 2023
attack.lateral_movement
attack.credential_access
attack.g0128
attack.t1003.001
attack.t1560.001
detection.emerging_threats

CVE-2023-23397 Exploitation Attempt
Jun 20, 2023
attack.credential_access
attack.initial_access
cve.2023.23397
detection.emerging_threats

Potential CVE-2021-42278 Exploitation Attempt
Jun 20, 2023
attack.credential_access
attack.t1558.003
cve.2021.42278
detection.emerging_threats

Potential Russian APT Credential Theft Activity
Jun 20, 2023
attack.credential_access
attack.t1552.001
attack.t1003.003
detection.emerging_threats

Certificate Exported From Local Certificate Store
May 18, 2023
attack.credential_access
attack.t1649

Certificate Private Key Acquired
May 18, 2023
attack.credential_access
attack.t1649

Certificate Exported Via PowerShell - ScriptBlock
May 18, 2023
attack.credential_access
attack.t1552.004

HackTool - Dumpert Process Dumper Default File
May 15, 2023
attack.credential_access
attack.t1003.001

Potential LSASS Process Dump Via Procdump
May 15, 2023
attack.defense_evasion
attack.t1036
attack.credential_access
attack.t1003.001
car.2013-05-009

Suspicious Get-ADDBAccount Usage
May 15, 2023
attack.credential_access
attack.t1003.003

Abnormal LSASS Child and Parent Process Relationships (RedCanary Threat Detection Report)
May 10, 2023
attack.credential_access
attack.t1003.001

Abnormal LSASS Process Access and Injection (RedCanary Threat Detection Report)
May 10, 2023
attack.credential_access
attack.t1003.001

LSASS Running Under Non-Privileged User Context (RedCanary Threat Detection Report)
May 10, 2023
attack.credential_access
attack.t1003.001

Rundll32 Dumping Credentials with MiniDump Function (RedCanary Threat Detection Report)
May 10, 2023
attack.credential_access
attack.t1003.001

NTDS.DIT Creation By Uncommon Parent Process
May 9, 2023
attack.credential_access
attack.t1003.003

Veeam Backup Servers Credential Dumping Script Execution
May 9, 2023
attack.credential_access

NTDS Exfiltration Filename Patterns
May 5, 2023
attack.credential_access
attack.t1003.003

NTDS.DIT Created
May 5, 2023
attack.credential_access
attack.t1003.003

NTDS.DIT Creation By Uncommon Process
May 5, 2023
attack.credential_access
attack.t1003.002
attack.t1003.003
·
Remote Thread Created In KeePass.EXE
May 5, 2023
·
attack.credential_access
attack.t1555.005
·
Standard User In High Privileged Group
May 5, 2023
·
attack.credential_access
attack.privilege_escalation
·
Credentials In Files - Linux
Apr 30, 2023
·
attack.credential_access
attack.t1552.001
·
SAM Dump to AppData
Apr 30, 2023
·
attack.credential_access
attack.t1003.002
·
HackTool - Certify Execution
Apr 25, 2023
·
attack.discovery
attack.credential_access
attack.t1649
·
Process Memory Dump via RdrLeakDiag.EXE
Apr 24, 2023
·
attack.credential_access
attack.t1003.001
·
Failed Logins with Different Accounts from Single Source - Linux
Apr 21, 2023
·
attack.credential_access
attack.t1110
·
Sign-in Failure Bad Password Threshold
Apr 21, 2023
·
attack.credential_access
attack.t1110
·
Stored Credentials in Fake Files
Apr 21, 2023
·
attack.credential_access
attack.t1555
·
HackTool - Certipy Execution
Apr 21, 2023
·
attack.discovery
attack.credential_access
attack.t1649
·
Possible Impacket GetUserSPNs Activity
Apr 16, 2023
·
attack.s0357
attack.credential_access
attack.t1558
attack.t1558.003
·
Potential CVE-2021-42287 Exploitation Attempt
Apr 14, 2023
·
attack.credential_access
attack.t1558.003
·
QuarksPwDump Clearing Access History
Apr 14, 2023
·
attack.credential_access
attack.t1003.002
·
Windows Pcap Drivers
Apr 14, 2023
·
attack.discovery
attack.credential_access
attack.t1040
·
Suspicious Rejected SMB Guest Logon From IP
Apr 11, 2023
·
attack.credential_access
attack.t1110.001
·
Suspicious Dump64.exe Execution
Mar 24, 2023
·
attack.credential_access
attack.t1003.001
·
Suspicious Network Communication With IPFS
Mar 24, 2023
·
attack.credential_access
attack.t1056
·
Suspicious Active Directory Database Snapshot Via ADExplorer
Mar 15, 2023
·
attack.credential_access
attack.t1552.001
attack.t1003.003
·
DPAPI Domain Master Key Backup Attempt
Mar 15, 2023
·
attack.credential_access
attack.t1003.004
·
Active Directory Database Snapshot Via ADExplorer
Mar 14, 2023
·
attack.credential_access
attack.t1552.001
attack.t1003.003
·
Load Of Dbghelp/Dbgcore DLL From Suspicious Process
Mar 9, 2023
·
attack.credential_access
attack.t1003.001
·
VolumeShadowCopy Symlink Creation Via Mklink
Mar 7, 2023
·
attack.credential_access
attack.t1003.002
attack.t1003.003
·
Copying Sensitive Files with Credential Data
Mar 5, 2023
·
attack.credential_access
attack.t1003.002
attack.t1003.003
car.2013-07-001
attack.s0404
·
Dropping Of Password Filter DLL
Mar 5, 2023
·
attack.credential_access
attack.t1556.002
·
Suspicious NTLM Authentication on the Printer Spooler Service
Mar 2, 2023
·
attack.privilege_escalation
attack.credential_access
attack.t1212
·
Transferring Files with Credential Data via Network Shares
Feb 27, 2023
·
attack.credential_access
attack.t1003.002
attack.t1003.001
attack.t1003.003
·
Automated Collection Command Prompt
Feb 21, 2023
·
attack.collection
attack.t1119
attack.credential_access
attack.t1552.001
·
Esentutl Gather Credentials
Feb 21, 2023
·
attack.credential_access
attack.t1003
attack.t1003.003
·
Potential Network Sniffing Activity Using Network Tools
Feb 21, 2023
·
attack.credential_access
attack.discovery
attack.t1040
·
PowerShell Get-Process LSASS
Feb 21, 2023
·
attack.credential_access
attack.t1552.004
·
PowerShell SAM Copy
Feb 21, 2023
·
attack.credential_access
attack.t1003.002
·
PUA - DIT Snapshot Viewer
Feb 21, 2023
·
attack.credential_access
attack.t1003.003
·
PUA - Mouse Lock Execution
Feb 21, 2023
·
attack.credential_access
attack.collection
attack.t1056.002
·
Suspicious Key Manager Access
Feb 21, 2023
·
attack.credential_access
attack.t1555.004
·
Suspicious Reg Add Open Command
Feb 21, 2023
·
attack.credential_access
attack.t1003
·
Mimikatz Kirbi File Creation
Feb 17, 2023
·
attack.credential_access
attack.t1558
·
QuarksPwDump Dump File
Feb 17, 2023
·
attack.credential_access
attack.t1003.002
·
SafetyKatz Default Dump Filename
Feb 17, 2023
·
attack.credential_access
attack.t1003.001
·
Suspicious Renamed Comsvcs DLL Loaded By Rundll32
Feb 17, 2023
·
attack.credential_access
attack.defense_evasion
attack.t1003.001
·
Suspicious Unsigned Dbghelp/Dbgcore DLL Loaded
Feb 17, 2023
·
attack.credential_access
attack.t1003.001
·
PUA - WebBrowserPassView Execution
Feb 16, 2023
·
attack.credential_access
attack.t1555.003
·
Potential Windows Defender Tampering Via Wmic.EXE
Feb 14, 2023
·
attack.credential_access
attack.t1546.008
·
HackTool - CrackMapExec Process Patterns
Feb 13, 2023
·
attack.credential_access
attack.t1003.001
·
Harvesting Of Wifi Credentials Via Netsh.EXE
Feb 13, 2023
·
attack.discovery
attack.credential_access
attack.t1040
·
New Network Trace Capture Started Via Netsh.EXE
Feb 13, 2023
·
attack.discovery
attack.credential_access
attack.t1040
·
DPAPI Domain Backup Key Extraction
Feb 7, 2023
·
attack.credential_access
attack.t1003.004
·
SAM Registry Hive Handle Request
Feb 7, 2023
·
attack.discovery
attack.t1012
attack.credential_access
attack.t1552.002
·
Suspicious PFX File Creation
Feb 7, 2023
·
attack.credential_access
attack.t1552.004
·
Dumping of Sensitive Hives Via Reg.EXE
Feb 7, 2023
·
attack.credential_access
attack.t1003.002
attack.t1003.004
attack.t1003.005
car.2013-07-001
·
Suspicious Command With Teams Objects Paths
Feb 6, 2023
·
attack.credential_access
attack.t1528
·
HackTool - Pypykatz Credentials Dumping Activity
Feb 6, 2023
·
attack.credential_access
attack.t1003.002
·
HackTool - Quarks PwDump Execution
Feb 5, 2023
·
attack.credential_access
attack.t1003.002
·
HackTool - ADCSPwn Execution
Feb 4, 2023
·
attack.credential_access
attack.t1557.001
·
HackTool - CreateMiniDump Execution
Feb 4, 2023
·
attack.credential_access
attack.t1003.001
·
HackTool - Dumpert Process Dumper Execution
Feb 4, 2023
·
attack.credential_access
attack.t1003.001
·
HackTool - Hashcat Password Cracker Execution
Feb 4, 2023
·
attack.credential_access
attack.t1110.002
·
HackTool - Hydra Password Bruteforce Execution
Feb 4, 2023
·
attack.credential_access
attack.t1110
attack.t1110.001
·
HackTool - SecurityXploded Execution
Feb 4, 2023
·
attack.credential_access
attack.t1555
·
Credentials from Password Stores - Keychain
Feb 1, 2023
·
attack.credential_access
attack.t1555.001
·
Guacamole Two Users Sharing Session Anomaly
Feb 1, 2023
·
attack.credential_access
attack.t1212
·
Hack Tool User Agent
Feb 1, 2023
·
attack.initial_access
attack.t1190
attack.credential_access
attack.t1110
·
iOS Implant URL Pattern
Feb 1, 2023
·
attack.execution
attack.t1203
attack.collection
attack.t1005
attack.t1119
attack.credential_access
attack.t1528
attack.t1552.001
·
Kerberos Manipulation
Feb 1, 2023
·
attack.credential_access
attack.t1212
·
LSASS Access from White-Listed Processes
Feb 1, 2023
·
attack.credential_access
attack.t1003.001
attack.s0002
·
LSASS Memory Access by Tool Named Dump
Feb 1, 2023
·
attack.credential_access
attack.t1003.001
attack.s0002
·
Mimikatz Use
Feb 1, 2023
·
attack.s0002
attack.lateral_movement
attack.credential_access
car.2013-07-001
car.2019-04-004
attack.t1003.002
attack.t1003.004
attack.t1003.001
attack.t1003.006
·
NPPSpy Hacktool Usage
Feb 1, 2023
·
attack.credential_access
·
PowerShell Credential Prompt
Feb 1, 2023
·
attack.credential_access
attack.execution
attack.t1059.001
·
PowerShell Get-Process LSASS in ScriptBlock
Feb 1, 2023
·
attack.credential_access
attack.t1003.001
·
WerFault Accassing LSASS
Feb 1, 2023
·
attack.credential_access
attack.t1003.001
attack.s0002
·
Windows Credential Editor Registry
Feb 1, 2023
·
attack.credential_access
attack.t1003.001
attack.s0005
·
Access to Browser Login Data
Jan 27, 2023
·
attack.credential_access
attack.t1555.003
·
Create Volume Shadow Copy with Powershell
Jan 27, 2023
·
attack.credential_access
attack.t1003.003
·
NTLM Brute Force
Jan 27, 2023
·
attack.credential_access
attack.t1110
·
Request A Single Ticket via PowerShell
Jan 27, 2023
·
attack.credential_access
attack.t1558.003
·
Suspicious Connection to Remote Account
Jan 27, 2023
·
attack.credential_access
attack.t1110.001
·
Suspicious Get-ADReplAccount
Jan 27, 2023
·
attack.credential_access
attack.t1003.006
·
External Remote Service Logon from Public IP
Jan 23, 2023
·
attack.initial_access
attack.credential_access
attack.t1133
attack.t1078
attack.t1110
·
Okta MFA Reset or Deactivated
Jan 12, 2023
·
attack.persistence
attack.credential_access
attack.defense_evasion
attack.t1556.006
·
Linux Keylogging with Pam.d
Jan 10, 2023
·
attack.credential_access
attack.t1003
attack.t1056.001
·
Lazagne dumping credentials
Jan 8, 2023
·
attack.credential_access
attack.t1555
·
Mimikatz Command Line With Ticket Export
Jan 8, 2023
·
attack.credential_access
attack.t1003
attack.t1003.001
attack.t1003.002
attack.t1003.004
attack.t1003.005
attack.t1003.006
·
Cisco Collect Data
Jan 4, 2023
·
attack.discovery
attack.credential_access
attack.collection
attack.t1087.001
attack.t1552.001
attack.t1005
·
Cisco Crypto Commands
Jan 4, 2023
·
attack.credential_access
attack.defense_evasion
attack.t1553.004
attack.t1552.004
·
Cisco Show Commands Input
Jan 4, 2023
·
attack.credential_access
attack.t1552.003
·
Cisco Sniffing
Jan 4, 2023
·
attack.credential_access
attack.discovery
attack.t1040
·
Dump Credentials from Windows Credential Manager With PowerShell
Jan 4, 2023
·
attack.credential_access
attack.t1555
·
Enumerate Credentials from Windows Credential Manager With PowerShell
Jan 4, 2023
·
attack.credential_access
attack.t1555
·
Extracting Information with PowerShell
Jan 4, 2023
·
attack.credential_access
attack.t1552.001
·
Transferring Files with Credential Data via Network Shares - Zeek
Dec 27, 2022
·
attack.credential_access
attack.t1003.002
attack.t1003.001
attack.t1003.003
·
ADCS Certificate Template Configuration Vulnerability
Dec 27, 2022
·
attack.privilege_escalation
attack.credential_access
·
ADCS Certificate Template Configuration Vulnerability with Risky EKU
Dec 27, 2022
·
attack.privilege_escalation
attack.credential_access
·
Esentutl Volume Shadow Copy Service Keys
Dec 27, 2022
·
attack.credential_access
attack.t1003.002
·
GUI Input Capture - macOS
Dec 27, 2022
·
attack.credential_access
attack.t1056.002
·
Suspicious Unattend.xml File Access
Dec 27, 2022
·
attack.credential_access
attack.t1552.001
·
Network Sniffing - Linux
Dec 18, 2022
·
attack.credential_access
attack.discovery
attack.t1040
·
Suspicious History File Operations - Linux
Nov 29, 2022
·
attack.credential_access
attack.t1552.003
·
NTDSutil Pulling of NTDS.dit File
Nov 29, 2022
·
attack.credential_access
attack.t1003
attack.t1003.003
·
Network Sniffing - MacOs
Nov 27, 2022
·
attack.discovery
attack.credential_access
attack.t1040
·
Abnormal LSASS Child and Parent Process Relationships
Nov 9, 2022
·
attack.credential_access
attack.t1003.001
·
Abnormal LSASS Process Access and Injection
Nov 9, 2022
·
attack.credential_access
attack.t1003.001
·
Dumping Process via Sqldumper.exe
Oct 28, 2022
·
attack.credential_access
attack.t1003.001
·
Invocation of Active Directory Diagnostic Tool (ntdsutil.exe)
Oct 28, 2022
·
attack.credential_access
attack.t1003.003
·
Suspicious SYSVOL Domain Group Policy Access
Oct 28, 2022
·
attack.credential_access
attack.t1552.006
·
Credential Dumping by LaZagne
Oct 26, 2022
·
attack.credential_access
attack.t1003.001
attack.s0349
·
Mimikatz through Windows Remote Management
Oct 26, 2022
·
attack.credential_access
attack.execution
attack.t1003.001
attack.t1059.001
attack.lateral_movement
attack.t1021.006
attack.s0002
·
Password Dumper Remote Thread in LSASS
Oct 25, 2022
·
attack.credential_access
attack.s0005
attack.t1003.001
·
WCE wceaux.dll Access
Oct 25, 2022
·
attack.credential_access
attack.t1003
attack.s0005
·
Credentials In Files
Oct 25, 2022
·
attack.credential_access
attack.t1552.001
·
Kerberos Network Traffic RC4 Ticket Encryption
Oct 25, 2022
·
attack.credential_access
attack.t1558.003
·
Possible Impacket SecretDump Remote Activity - Zeek
Oct 25, 2022
·
attack.credential_access
attack.t1003.002
attack.t1003.004
attack.t1003.003
·
Suspicious History File Operations
Oct 25, 2022
·
attack.credential_access
attack.t1552.003
·
Password Dumper Activity on LSASS
Oct 14, 2022
·
attack.credential_access
attack.t1003.001
·
Time Travel Debugging Utility Usage
Oct 9, 2022
·
attack.defense_evasion
attack.credential_access
attack.t1218
attack.t1003.001
·
Credential Dumping by Pypykatz
Oct 9, 2022
·
attack.credential_access
attack.t1003.001
·
Lsass Memory Dump via Comsvcs DLL
Oct 9, 2022
·
attack.credential_access
attack.t1003.001
·
Using Lazagne to dump credentials
May 9, 2022
·
attack.credential_access
attack.t1555
·
Share on:
twitter
facebook
linkedin
copy
to-top