attack.s0005 | Detection.FYI

WCE wceaux.dll Access

Jan 31, 2025 · attack.credential-access attack.t1003 attack.s0005 ·
Share on:

Detects wceaux.dll access while WCE pass-the-hash remote command execution on source host

Read More
HackTool - Windows Credential Editor (WCE) Execution

Nov 25, 2024 · attack.credential-access attack.t1003.001 attack.s0005 ·
Share on:

Detects the use of Windows Credential Editor (WCE)

Read More
Credential Dumping Tools Service Execution - Security

Aug 12, 2024 · attack.credential-access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:

Detects well-known credential dumping tools execution via service execution events

Read More
Credential Dumping Tools Service Execution - System

Aug 12, 2024 · attack.credential-access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:

Detects well-known credential dumping tools execution via service execution events

Read More
Password Dumper Remote Thread in LSASS

Aug 12, 2024 · attack.credential-access attack.s0005 attack.t1003.001 ·
Share on:

Detects password dumper activity by monitoring remote thread creation EventID 8 in combination with the lsass.exe process as TargetImage. The process in field Process is the malicious program. A single execution can lead to hundreds of events.

Read More
Windows Credential Editor Registry

Aug 12, 2024 · attack.credential-access attack.t1003.001 attack.s0005 ·
Share on:

Detects the use of Windows Credential Editor (WCE)

Read More