2020-10-23 16:43:01 -05:00
parent 62d43adb96
commit ccedb27d75
+1 -1
@@ -62,7 +62,7 @@ TgtProcCmdline RegExp "^.*\/S cpassword.*\\sysvol\\.*.xml" OR TgtProcCmdline Con
Atomics: [T1558.003](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1558.003/T1558.003.md)
### T1056.001 Keylogging
### T1056.001 Powershell Keylogging
Atomics: [T1056.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.001/T1056.001.md)
I wasn't able to get either copy of the Get-Keystrokes.ps1 to work with powershell, but the below should reliably detect invocation by alias or CmdScript line matching.
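Review bot: The renamed heading spells the product name "Powershell"; write it as "PowerShell", and consider keeping the technique name first, for example "### T1056.001 Keylogging (PowerShell)", so the section still matches the T1056.001 technique title that the Atomics link points to while signalling that the query only covers the PowerShell path. The context line under the heading says neither copy of Get-Keystrokes.ps1 could be run, so it would also help to say there how the query was validated, since a reader will otherwise assume it was tested against a successful execution.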