Product
medium
advisory
LSASS Credential Dumping via Windows Error Reporting (WER) Abuse
2 rules 2 TTPsAttackers can enable full user-mode dumps system-wide via registry modification to facilitate LSASS credential dumping, allowing extraction of credentials from process memory without deploying malware.
Elastic Defend +2
credential-access
windows
lsass
wepw
2r
2t
medium
advisory
Potential Windows Error Manager Masquerading
2 rules 1 TTPAdversaries may masquerade malicious processes as legitimate Windows Error Reporting processes (WerFault.exe or Wermgr.exe) to evade detection by establishing network connections without arguments, thus blending into normal system activity.
Windows Error Reporting
defense-evasion
masquerading
windows
2r
1t