attack.t1003.005 | Detection.FYI

Credential Dumping Tools Service Execution - System
Apr 14, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
HackTool - Mimikatz Execution
Feb 22, 2023 · attack.credential_access attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 ·
Share on:
Detection well-known mimikatz command line arguments

Read More
Dumping of Sensitive Hives Via Reg.EXE
Feb 7, 2023 · attack.credential_access attack.t1003.002 attack.t1003.004 attack.t1003.005 car.2013-07-001 ·
Share on:
Detects the usage of "reg.exe" in order to dump sensitive registry hives, which includes SAM, SYSTEM and SECURITY

Read More
New Generic Credentials Added Via Cmdkey.EXE
Feb 6, 2023 · attack.credential_access attack.t1003.005 ·
Share on:
Detects usage of cmdkey to add generic credentials. As an example, this has to be used before connecting to an RDP session via command line interface.

Read More
Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
Feb 3, 2023 · attack.credential_access attack.t1003.005 ·
Share on:
Detects usage of cmdkey to look for cached credentials on the system

Read More
Credential Dumping Tools Service Execution
Feb 1, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
Credential Dumping Tools Service Execution - Security
Feb 1, 2023 · attack.credential_access attack.execution attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 attack.t1569.002 attack.s0005 ·
Share on:
Detects well-known credential dumping tools execution via service execution events

Read More
Mimikatz Command Line With Ticket Export
Jan 8, 2023 · attack.credential_access attack.t1003 attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 attack.t1003.006 ·
Share on:
Detection of well-known mimikatz command line arguments. Added more commandline indicators from referenced rule by author - Teymur Kheirkhabarov, oscd.community

Read More
Cred Dump Tools Dropped Files
Oct 26, 2022 · attack.credential_access attack.t1003.001 attack.t1003.002 attack.t1003.003 attack.t1003.004 attack.t1003.005 ·
Share on:
Files with well-known filenames (parts of credential dump software or files produced by them) creation

Read More
Cred Dump-Tools Named Pipes
Oct 25, 2022 · attack.credential_access attack.t1003.001 attack.t1003.002 attack.t1003.004 attack.t1003.005 ·
Share on:
Detects well-known credential dumping tools execution via specific named pipes

Read More