title: Findstr Password Extraction
description: Detection of content exfiltration of passwords within files using findstr.exe or PowerShell's findstr.
author: keyboardcrunch
date: 10/10/2020
modified: null
mitre:
  tactic: Credential Access
  technique: T1552
  subtechnique: 001
operating_system: windows
query: TgtProcCmdLine ContainsCIS "/si pass" OR TgtProcCmdLine ContainsCIS "-pattern password"
false_positives: null
tags: null