security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge PR #4636 from @slincoln-aiq - Fix Typo In Enable LM Hash Storage - ProcCreation

Browse Source 
fix: Enable LM Hash Storage - ProcCreation - Removed trailing slash from registry path
---------

Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
This commit is contained in:
Stephen Lincoln
2023-12-21 21:03:32 -05:00
committed by GitHub
parent e052677142
commit e0cf5f3bdc
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_reg_nolmhash.yml
+2 -1
View File
@@ -13,6 +13,7 @@ references:
- https://www.sans.org/blog/protecting-privileged-domain-accounts-lm-hashes-the-good-the-bad-and-the-ugly/
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023/12/15
modified: 2023/12/22
tags:
- attack.defense_evasion
- attack.t1112
@@ -22,7 +23,7 @@ logsource:
detection:
selection:
CommandLine|contains|all:
- '\System\CurrentControlSet\Control\Lsa\'
- '\System\CurrentControlSet\Control\Lsa'
- 'NoLMHash'
- ' 0'
condition: selection