Detection Engineering
Detecting LSASS Credential Dumping
How to detect LSASS credential dumping — the Sysmon process-access signal, suspicious GrantedAccess masks, a Sigma rule, and the LSA protections that prevent it.
1 article