2020-10-23 17:20:25 -05:00
parent cf93ffd1f5
commit 227c78fdad
+1 -1
@@ -80,7 +80,7 @@ For simplicity, we're detecting a Cmdline used for both psexec (the test) as wel
TgtProcCmdLine ContainsCIS "save HKLM\security\policy\secrets"
`
### T1003.001 LSASS Memory
### T1003.001 LSASS Memory Dumping
Atomics: [T1003.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md)
This one may look crazy but it's not. Detection of wce by hash, procdump, comsvc, dumpert, mimikatz, pypykatz, and werfault all in one query.
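Review bot: The new heading text "LSASS Memory Dumping" on the `### T1003.001` line no longer matches the ATT&CK sub-technique name for T1003.001, which is "LSASS Memory" (the name used by the linked atomic). If the other section headings in this file follow the ATT&CK names, keep "LSASS Memory" here and put the "dumping" wording in the description line below instead. Renaming the heading also changes the anchor the renderer generates for it, so check any table of contents or external links that point at this section by anchor before merging.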