Rule Library
Sigma Rules
2 rules found for "Mark Russinovich"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
Potentially Suspicious AccessMask Requested From LSASS
Detects process handle on LSASS process with certain access mask
Windows | security
TA0006 · Credential Access | 2019-04-004 · CAR 2019-04-004 | T1003.001 · LSASS Memory
Roberto Rodriguez (Cyb3rWard0g) +5 | Fri Nov 01 | windows
Detection | medium | test
Potentially Suspicious GrantedAccess Flags On LSASS
Detects process access requests to LSASS process with potentially suspicious access flags
Windows | Process Access
TA0006 · Credential Access | T1003.001 · LSASS Memory | S0002 · Mimikatz
Florian Roth (Nextron Systems) +9 | Mon Nov 22 | windows