From ccedb27d7552e68fc0577475cd9b9ec5557fe29a Mon Sep 17 00:00:00 2001 From: "@" <@> Date: Fri, 23 Oct 2020 16:43:01 -0500 Subject: [PATCH] rename --- Tactics/CredentialAccess.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tactics/CredentialAccess.md b/Tactics/CredentialAccess.md index 9c34c05..36d1553 100644 --- a/Tactics/CredentialAccess.md +++ b/Tactics/CredentialAccess.md @@ -62,7 +62,7 @@ TgtProcCmdline RegExp "^.*\/S cpassword.*\\sysvol\\.*.xml" OR TgtProcCmdline Con Atomics: [T1558.003](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md) -### T1056.001 Keylogging +### T1056.001 Powershell Keylogging Atomics: [T1056.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md) I wasn't able to get either copy of the Get-Keystrokes.ps1 to work with powershell, but the below should reliably detect invocation by alias or CmdScript line matching.
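Review bot: In the added heading line `### T1056.001 Powershell Keylogging`, the product name should be spelled "PowerShell". Renaming the heading also changes its Markdown anchor, so any link that points at the old `T1056.001 Keylogging` heading should be updated in the same commit. The subject line "rename" does not say what was renamed or why. A subject such as "CredentialAccess: rename T1056.001 heading to PowerShell Keylogging" would make the history searchable.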