attack.s0005 | Detection.FYI

Credential Dumping Tools Service Execution - System
Apr 14, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
HackTool - Windows Credential Editor (WCE) Execution
Feb 4, 2023 · attack.credential_access attack.t1003.001 attack.s0005 ·
Share on:
Detects the use of Windows Credential Editor (WCE)

Read More
Credential Dumping Tools Service Execution
Feb 1, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
Credential Dumping Tools Service Execution - Security
Feb 1, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
Windows Credential Editor Registry
Feb 1, 2023 · attack.credential_access attack.t1003.001 attack.s0005 ·
Share on:
Detects the use of Windows Credential Editor (WCE)

Read More
Password Dumper Remote Thread in LSASS
Oct 25, 2022 · attack.credential_access attack.s0005 attack.t1003.001 ·
Share on:
Detects password dumper activity by monitoring remote thread creation EventID 8 in combination with the lsass.exe process as TargetImage. The process in field Process is the malicious program. A single execution can lead to hundreds of events.

Read More
WCE wceaux.dll Access
Oct 25, 2022 · attack.credential_access attack.t1003 attack.s0005 ·
Share on:
Detects wceaux.dll access while WCE pass-the-hash remote command execution on source host

Read More