auto-generated queries from markdown notes

queries/windows/findstr_password_extraction.yml

@@ -0,0 +1,16 @@
+title: T1552.001 Findstr Password Extraction
+description: Detection of content exfiltration of passwords within files using findstr.exe
+  or PowerShell's findstr.
+author: keyboardcrunch
+date: 10/10/2020
+modified: null
+mitre:
+   tactic: Credential Access
+   technique: T1552
+   subtechnique: 006
+operating_system: windows
+query: TgtProcCmdLine ContainsCIS "/si pass" OR TgtProcCmdLine ContainsCIS "-pattern
+  password"
+false_positives: null
+tags: null
+