- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Credential Dumping Indicators | Detection Rule Friday
Your LSASS process just got accessed — and you missed it.
Detection Rule Friday | DFIR Media
• Attackers dump credentials from memory to move laterally across your network.
• Watch for tool names in command lines: mimikatz, rubeus, SharpKatz, nanodump.
• Rundll32 calling comsvcs.dll MiniDump? That's targeting LSASS memory directly.
• Procdump dash m a lsass.exe is another red flag for credential theft.
• Hunt with Sysmon Event ID 1 for command lines and ID 10 for LSASS access.
• This is MITRE T1003 — OS Credential Dumping. Build your detections now.
AI-generated narration | DFIR Media
Видео Credential Dumping Indicators | Detection Rule Friday канала DFIR Lab
Detection Rule Friday | DFIR Media
• Attackers dump credentials from memory to move laterally across your network.
• Watch for tool names in command lines: mimikatz, rubeus, SharpKatz, nanodump.
• Rundll32 calling comsvcs.dll MiniDump? That's targeting LSASS memory directly.
• Procdump dash m a lsass.exe is another red flag for credential theft.
• Hunt with Sysmon Event ID 1 for command lines and ID 10 for LSASS access.
• This is MITRE T1003 — OS Credential Dumping. Build your detections now.
AI-generated narration | DFIR Media
Видео Credential Dumping Indicators | Detection Rule Friday канала DFIR Lab
Комментарии отсутствуют
Информация о видео
23 мая 2026 г. 7:51:42
00:00:40
Другие видео канала
AI Detection Rule Generation
AI Detection Rule Generation
T1562 — Impair Defenses | MITRE Spotlight
Mystery Malware Coded in Unknown Language Stumped World's Best Hackers
AI Alert Triage
DNS Configuration Analysis
Ransomware's Worst Nightmare (Shadow Copies) #DFIR #Cybersecurity
T1190 — Exploit Public-Facing Application | MITRE Spotlight
PCAP Files | Artifact of the Day
macOS Unified Logs | Artifact of the Day
Volume Shadow Copies (VSS) | Artifact of the Day
macOS KnowledgeC.db | Artifact of the Day
Shellbags | Artifact of the Day
PCAP Files | Artifact of the Day
Attack Surface Scan
Memory Forensics — Process Listing | Artifact of the Day
Service Installation from Unusual Directories | Detection Rule Friday
Google Safe Browsing Check
Windows Event Logs — PowerShell | Artifact of the Day
Cobalt Strike Beacon Detection Patterns | Detection Rule Friday
LOLBins — Living Off the Land Detection | Detection Rule Friday
