Rule Library

Sigma Rules

1 rule found for "Michaela Adams"

3,707Total

3,116Detection

451Emerging

137Hunting

Filters

Type

Severity

Status

Product

Potential Access Token Abuse

Detects potential token impersonation and theft. Example, when using "DuplicateToken(Ex)" and "ImpersonateLoggedOnUser" with the "LOGON32_LOGON_NEW_CREDENTIALS flag".

Windowssecurity

TA0005 · Defense EvasionTA0004 · Privilege EscalationT1134.001 · Token Impersonation/Theftstp.4u

Michaela Adams+1Sun Nov 06windows