LSASS Process Reconnaissance Via Findstr.EXE (fe63010f-8823-4864-a96b-a7b4a0f7b929)

Detects findstring commands that include the keyword lsass, which indicates recon activity for the LSASS process PID.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| LSASS Process Reconnaissance Via Findstr.EXE (fe63010f-8823-4864-a96b-a7b4a0f7b929) | Sigma-Rules | Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) | Attack Pattern | 1 |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Group Policy Preferences - T1552.006 (8d7bd4f5-3a89-4453-9c82-2c8894d5655e) | Attack Pattern | 2 |