Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-08 09:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Renamed T1552.002

Browse Source
This commit is contained in:
@
2020-10-23 15:14:34 -05:00
parent 1ee7efa88a
commit 0dca759370
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Tactics/CredentialAccess.md
+1 -1
View File
@@ -31,7 +31,7 @@ To focus on detection, we're looking for AccessChk.exe where the DisplayName doe
TgtProcName = "accesschk.exe" AND TgtProcDisplayName != "Reports effective permissions for securable objects"
`
### T1552.002 Credentials in Registry
### T1552.002 Registry Credential Enumeration
Atomics: [T1552.002](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.002/T1552.002.md)
This query detects enumeration and discovery of credentials within the Registry, including Putty sessions.