https://detection.fyi/tags/attack.t1689/ Recent content in attack.t1689 on Detection.FYI Hugo -- gohugo.io Tue, 28 Apr 2026 23:20:23 +0000 https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_lsa_ppl_protection_setting_modification_via_cli/ Tue, 28 Apr 2026 23:20:23 +0000 https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_lsa_ppl_protection_setting_modification_via_cli/ Detects modification of LSA PPL protection settings via CommandLine. It may indicate an attempt to disable protection and enable credential dumping tools to access LSASS process memory.