open-menu
closeme
Access of Stored Browser Credentials
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Access to Keychain Credentials Directories
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Command Shell Activity Started via RunDLL32
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Execution
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Creation or Modification of Domain Backup DPAPI private key
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Credential Acquisition via Registry Hive Dumping
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Dumping Account Hashes via Built-In Commands
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Dumping of Keychain Content via Security Command
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Full User-Mode Dumps Enabled System-Wide
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Cached Credentials Dumping
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Traffic from Unusual Process
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Keychain Password Retrieval via Command Line
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
LSASS Memory Dump Creation
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
LSASS Process Access via Windows API
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Microsoft IIS Connection Strings Decryption
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Microsoft IIS Service Account Password Dumped
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Mimikatz Memssp Log File Detected
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Modification of OpenSSH Binaries
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Persistence
Tactic: Lateral Movement
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Modification of Standard Authentication Module or Configuration
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Persistence
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Modification of WDigest Security Provider
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Network Logon Provider Registry Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
NTDS or SAM Database File Copied
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Cookies Theft via Browser Debugging
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
OS: Windows
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via Trusted Developer Utility
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via Windows Utilities
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Kerberos Attack via Bifrost
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Lateral Movement
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Credential Dumping via Proc Filesystem
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Use Case: Vulnerability
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Credential Dumping via Unshadow
calendar
Sep 5, 2023
·
Data Source: Elastic Endgame
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Linux Local Account Brute Force Detected
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Local NTLM Relay via HTTP
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential macOS SSH Brute Force Detected
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential OpenSSH Backdoor Logging Activity
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Persistence
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Remote Credential Access via Registry
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Shadow File Read via Command Line Utilities
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Unauthorized Access via Wildcard Injection Detected
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Prompt for Credentials with OSASCRIPT
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Searching for Saved Credentials via VaultCmd
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Files Compression
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Collection
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Module Loaded by LSASS
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Symbolic Link Created
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Symbolic Link to Shadow Copy Created
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
SystemKey Access via Command Line
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
WebProxy Settings Modification
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: macOS
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Windows Registry File Creation in SMB Share
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Tactic: Credential Access
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Wireless Credential Dumping using Netsh Command
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Tactic: Discovery
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Potential Successful SSH Brute Force Attack
calendar
Sep 5, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Access to a Sensitive LDAP Attribute
calendar
Aug 31, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Use Case: Active Directory Monitoring
Data Source: Active Directory
·
Share on:
twitter
facebook
linkedin
copy
FirstTime Seen Account Performing DCSync
calendar
Aug 31, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Use Case: Active Directory Monitoring
Data Source: Active Directory
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via DCSync
calendar
Aug 31, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Active Directory
Resources: Investigation Guide
Use Case: Active Directory Monitoring
·
Share on:
twitter
facebook
linkedin
copy
Linux init (PID 1) Secret Dump via GDB
calendar
Aug 31, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Elastic Defend
·
Share on:
twitter
facebook
linkedin
copy
Spike in Failed Logon Events
calendar
Aug 22, 2023
·
Use Case: Identity and Access Audit
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Spike in Logon Events
calendar
Aug 22, 2023
·
Use Case: Identity and Access Audit
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Spike in Successful Logon Events from a Source IP
calendar
Aug 22, 2023
·
Use Case: Identity and Access Audit
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
Tactic: Defense Evasion
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Unusual Linux Process Calling the Metadata Service
calendar
Aug 22, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Unusual Linux User Calling the Metadata Service
calendar
Aug 22, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Unusual Login Activity
calendar
Aug 22, 2023
·
Use Case: Identity and Access Audit
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Unusual Windows Process Calling the Metadata Service
calendar
Aug 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Unusual Windows User Calling the Metadata Service
calendar
Aug 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Attempted Bypass of Okta MFA
calendar
Aug 21, 2023
·
Data Source: Okta
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Attempts to Brute Force an Okta User Account
calendar
Aug 21, 2023
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta Brute Force or Password Spraying Attack
calendar
Aug 21, 2023
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Okta User Session Impersonation
calendar
Aug 21, 2023
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
Potential Abuse of Repeated MFA Push Notifications
calendar
Aug 21, 2023
·
Use Case: Identity and Access Audit
Tactic: Credential Access
Data Source: Okta
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Kerberos Ticket Dump
calendar
Aug 20, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Invoke-NinjaCopy script
calendar
Jul 19, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: PowerShell Logs
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS Credentials Searched For Inside A Container
calendar
Jul 17, 2023
·
Data Source: Elastic Defend for Containers
Domain: Container
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
PowerShell Kerberos Ticket Request
calendar
Jul 14, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
Potential External Linux SSH Brute Force Detected
calendar
Jul 10, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Internal Linux SSH Brute Force Detected
calendar
Jul 10, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential SSH Brute Force Detected on Privileged Account
calendar
Jul 10, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Lateral Movement
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Successful Linux FTP Brute Force Attack Detected
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Successful Linux RDP Brute Force Attack Detected
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via DuplicateHandle in LSASS
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via LSASS Memory Dump
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Potential LSASS Memory Dump via PssCaptureSnapShot
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Suspicious LSASS Access via MalSecLogon
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Lsass Process Access
calendar
Jul 6, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Multiple Vault Web Credentials Read
calendar
Jun 30, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Azure Full Network Packet Capture Detected
calendar
Jun 28, 2023
·
Domain: Cloud
Data Source: Azure
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Attempts to Brute Force a Microsoft 365 User Account
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM Brute Force of Assume Role Policy
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Resources: Investigation Guide
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
AWS IAM User Addition to Group
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access
Tactic: Persistence
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
AWS Management Console Brute Force of Root User Identity
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Azure Key Vault Modified
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Azure
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Azure Storage Account Key Regenerated
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Credential Dumping - Detected - Elastic Endgame
calendar
Jun 22, 2023
·
Data Source: Elastic Endgame
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Credential Dumping - Prevented - Elastic Endgame
calendar
Jun 22, 2023
·
Data Source: Elastic Endgame
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen AWS Secret Value Accessed in Secrets Manager
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Google Workspace Drive Encryption Key(s) Accessed from Anonymous User
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Kerberos Pre-authentication Disabled for User
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Use Case: Active Directory Monitoring
Data Source: Active Directory
·
Share on:
twitter
facebook
linkedin
copy
LSASS Memory Dump Handle Access
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Multiple Logon Failure Followed by Logon Success
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Multiple Logon Failure from the same Source Address
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
O365 Excessive Single Sign-On Logon Errors
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Credential Access via Renamed COM+ Services DLL
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Potential Invoke-Mimikatz PowerShell Script
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
Potential LSASS Clone Creation via PssCaptureSnapShot
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Sysmon Only
·
Share on:
twitter
facebook
linkedin
copy
Potential Password Spraying of Microsoft 365 User Accounts
calendar
Jun 22, 2023
·
Domain: Cloud
Data Source: Microsoft 365
Use Case: Identity and Access Audit
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Potential Shadow Credentials added to AD Object
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Active Directory
Resources: Investigation Guide
Use Case: Active Directory Monitoring
·
Share on:
twitter
facebook
linkedin
copy
PowerShell MiniDump Script
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
Data Source: PowerShell Logs
·
Share on:
twitter
facebook
linkedin
copy
Privileged Account Brute Force
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Resources: Investigation Guide
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Files Compression Inside A Container
calendar
Jun 22, 2023
·
Data Source: Elastic Defend for Containers
Domain: Container
OS: Linux
Use Case: Threat Detection
Tactic: Collection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Keys Or Passwords Searched For Inside A Container
calendar
Jun 22, 2023
·
Data Source: Elastic Defend for Containers
Domain: Container
OS: Linux
Use Case: Threat Detection
Tactic: Credential Access
·
Share on:
twitter
facebook
linkedin
copy
Sensitive Privilege SeEnableDelegationPrivilege assigned to a User
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Active Directory
Resources: Investigation Guide
Use Case: Active Directory Monitoring
·
Share on:
twitter
facebook
linkedin
copy
Service Creation via Local Kerberos Authentication
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Privilege Escalation
Tactic: Credential Access
Use Case: Active Directory Monitoring
Data Source: Active Directory
·
Share on:
twitter
facebook
linkedin
copy
Suspicious Remote Registry Access via SeBackupPrivilege
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Lateral Movement
Tactic: Credential Access
Resources: Investigation Guide
Use Case: Active Directory Monitoring
Data Source: Active Directory
·
Share on:
twitter
facebook
linkedin
copy
User account exposed to Kerberoasting
calendar
Jun 22, 2023
·
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Credential Access
Data Source: Active Directory
Resources: Investigation Guide
Use Case: Active Directory Monitoring
·
Share on:
twitter
facebook
linkedin
copy
to-top