Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-08 17:17:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

T1056.004 Cred API Hooking

Browse Source
This commit is contained in:
@
2020-10-23 14:15:32 -05:00
parent 69e0d5a835
commit f30d6d6bff
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Tactics/CredentialAccess.md
+1
View File
@@ -4,6 +4,7 @@
### T1056.004 Credential API Hooking
Atomics: [T1056.004](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1056.004/T1056.004.md)
The weight of this test relies on injecting a dll with mavinject that hooks into powershell to do the TLS decryption, our detection for [T1055 Mavinject](https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries/blob/9da3392c991c2badcb88a715e791a55654c1c567/Tactics/DefenseEvasion.md#t1055-process-injection) would cover us for these tests.
### T1552.001 Credentials In Files
Atomics: [T1552.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1552.001/T1552.001.md)