mirror of
https://github.com/keyboardcrunch/sentinelone-queries
synced 2026-06-08 17:07:13 +00:00
keyboardcrunch
17 lines
442 B
YAML
17 lines
442 B
YAML
title: Findstr Password Extraction
|
|
description: Detection of content exfiltration of passwords within files using findstr.exe
|
|
or PowerShell's findstr.
|
|
author: keyboardcrunch
|
|
date: 10/10/2020
|
|
modified: null
|
|
mitre:
|
|
tactic: Credential Access
|
|
technique: T1552
|
|
subtechnique: 001
|
|
operating_system: windows
|
|
query: TgtProcCmdLine ContainsCIS "/si pass" OR TgtProcCmdLine ContainsCIS "-pattern
|
|
password"
|
|
false_positives: null
|
|
tags: null
|
|
|