attack.t1550.002

NTLMv1 Logon Between Client and Server

Oct 28, 2023 · attack.defense_evasion attack.lateral_movement attack.t1550.002 ·

Detects the reporting of NTLMv1 being used between a client and server. NTLMv1 is insecure as the underlying encryption algorithms can be brute-forced by modern hardware.

NTLM Logon

Oct 17, 2023 · attack.lateral_movement attack.t1550.002 ·

Share on:

Detects logons using NTLM, which could be caused by a legacy source or attackers

Successful Overpass the Hash Attempt

Jun 26, 2023 · attack.lateral_movement attack.s0002 attack.t1550.002 ·

Share on:

Detects successful logon with logon type 9 (NewCredentials) which matches the Overpass the Hash behavior of e.g Mimikatz's sekurlsa::pth module.

Pass the Hash Activity 2

May 2, 2023 · attack.lateral_movement attack.t1550.002 ·

Share on:

Detects the attack technique pass the hash which is used to move laterally inside the network

Hacktool Ruler

Feb 1, 2023 · attack.discovery attack.execution attack.t1087 attack.t1114 attack.t1059 attack.t1550.002 ·

Share on:

This events that are generated when using the hacktool Ruler by Sensepost