attack.t1550.002 | Detection.FYI

Pass the Hash Activity 2
May 2, 2023 · attack.lateral_movement attack.t1550.002 ·
Share on:
Detects the attack technique pass the hash which is used to move laterally inside the network

Read More
Successful Overpass the Hash Attempt
May 2, 2023 · attack.lateral_movement attack.s0002 attack.t1550.002 ·
Share on:
Detects successful logon with logon type 9 (NewCredentials) which matches the Overpass the Hash behavior of e.g Mimikatz's sekurlsa::pth module.

Read More
NTLMv1 Logon Between Client and Server
Apr 14, 2023 · attack.execution attack.t1550.002 attack.s0363 ·
Share on:
Detects the reporting of NTLMv1 being used between a client and server

Read More
Hacktool Ruler
Feb 1, 2023 · attack.discovery attack.execution attack.t1087 attack.t1114 attack.t1059 attack.t1550.002 ·
Share on:
This events that are generated when using the hacktool Ruler by Sensepost

Read More
NTLM Logon
Feb 1, 2023 · attack.lateral_movement attack.t1550.002 ·
Share on:
Detects logons using NTLM, which could be caused by a legacy source or attackers

Read More