Rule Library
Sigma Rules
2 rules found for "Modexp"
3,707 Total · 3,116 Detection · 451 Emerging · 137 Hunting
Detection · Level: high · Status: test
Lsass Memory Dump via Comsvcs DLL
Detects adversaries leveraging the MiniDump export function from comsvcs.dll via rundll32 to perform a memory dump from lsass.
Windows · Process Access
TA0006 · Credential Access · T1003.001 · LSASS Memory
Roberto Rodriguez (Cyb3rWard0g) +1 · Tue Oct 20 · windows
Detection · Level: high · Status: test
Process Memory Dump Via Comsvcs.DLL
Detects a process memory dump via "comsvcs.dll" using rundll32, covering multiple different techniques (ordinal, MiniDump function, etc.).
Windows · Process Creation
TA0005 · Defense Evasion · TA0006 · Credential Access · T1036 · Masquerading · T1003.001 · LSASS Memory +1
Florian Roth (Nextron Systems) +3 · Tue Feb 18 · windows