Product

SQL Server

2 briefs RSS

MSSQL xp_cmdshell Stored Procedure Abuse for Persistence

Attackers may leverage the xp_cmdshell stored procedure in Microsoft SQL Server to execute arbitrary commands for privilege escalation and persistence, often bypassing default security configurations.

SQL Server persistence sql-server xp_cmdshell windows

2r 2t Jan 3, 2024

medium advisory

LSASS Memory Dump Creation Detection

2 rules 1 TTP

This rule identifies the creation of LSASS memory dump files, often indicative of credential access attempts using tools like Task Manager, SQLDumper, Dumpert, or AndrewSpecial, by monitoring for specific filenames and excluding legitimate dump locations.

Elastic Defend +4 credential_access lsass memory_dump windows

2r 1t Jan 2, 2024