Mirrors/keyboardcrunch-sentinelone-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/sentinelone-queries synced 2026-06-10 18:01:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

removed tactic from titles

Browse Source
This commit is contained in:
keyboardcrunch
2020-12-06 00:34:46 -06:00
parent 4d6ac236bc
commit bc3557a4ea
5 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
queries/windows/lsa_secrets_extraction.yml
+14
View File
@@ -0,0 +1,14 @@
title: LSA Secrets Extraction
description: Detect direct LSA extraction with reg.exe.
author: keyboardcrunch
date: 10/10/2020
modified: 05/12/2020
mitre:
tactic: Credential Access
technique: T1003
subtechnique: 004
operating_system: windows
query: TgtProcCmdLine ContainsCIS "save HKLM\security\policy\secrets"
false_positives:
tags: