security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1003.004.yaml (#1170)

Browse Source 
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
harml3ss
2020-08-04 19:46:28 -05:00
committed by GitHub
parent 6165e9e71d
commit e0449bc608
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1003.004/T1003.004.yaml
+5 -1
View File
@@ -3,7 +3,11 @@ display_name: "OS Credential Dumping: LSA Secrets"
atomic_tests:
- name: Dumping LSA Secrets
auto_generated_guid: 55295ab0-a703-433b-9ca4-ae13807de12f
description: Dump secrets key from Windows registry
description: |
Dump secrets key from Windows registry
When successful, the dumped file will be written to $env:Temp\secrets.
Attackers may use the secrets key to assist with extracting passwords and enumerating other sensitive system information.
https://pentestlab.blog/2018/04/04/dumping-clear-text-credentials/#:~:text=LSA%20Secrets%20is%20a%20registry,host%2C%20local%20security%20policy%20etc.
supported_platforms:
- windows
input_arguments: