Product
high
advisory
Mimikatz MemSSP Log File Detection
2 rules 1 TTP 1 IOC
Detects the creation of 'mimilsa.log', the default log file created by the Mimikatz MemSSP module after injecting a malicious Security Support Provider into LSASS, potentially exposing credentials from subsequent logons on the host.
Microsoft Defender XDR +4
credential-access
mimikatz
lsass
windows
high
advisory
EDRSilencer Execution Detected
3 rules 1 TTP
The EDRSilencer tool is designed to block outbound traffic of EDR processes by leveraging Windows Filtering Platform (WFP) APIs to evade endpoint defenses.
Microsoft Defender +2
edr
defense-evasion
windows