Update process_creation_win_lolbas_dump64.yml
@@ -3,7 +3,7 @@ id: 129966c9-de17-4334-a123-8b58172e664d
|
||||
description: Detects when a user bypasses Defender by renaming a tool to dump64.exe and placing it in a Visual Studio folder
|
||||
status: experimental
|
||||
author: Austin Songer @austinsonger, Florian Roth
|
||||
date: 2021/11//26
|
||||
date: 2021/11/26
|
||||
references:
|
||||
- https://twitter.com/mrd0x/status/1460597833917251595
|
||||
logsource:
|
||||
|
||||