Tag

Collection

4 briefs RSS

GenAI Tools Accessing Sensitive Files for Credential Access and Persistence

This threat brief details the detection of GenAI tools accessing sensitive files containing credentials, SSH keys, browser data, and shell configurations, indicating potential credential harvesting and persistence attempts by attackers leveraging GenAI agents.

Elastic Endpoint Security genai credential-access persistence collection

2r 4t 2d ago

medium advisory

Detection of Sensitive LDAP Attribute Access

2 rules 5 TTPs

This rule detects unauthorized access to sensitive Active Directory object attributes such as unixUserPassword, ms-PKI-AccountCredentials, and msPKI-CredentialRoamingTokens, potentially leading to credential theft and privilege escalation.

Active Directory +1 credential-access privilege-escalation collection windows

2r 5t Jan 19, 2024

medium advisory

Exchange Mailbox Export via PowerShell

2 rules 4 TTPs

Adversaries may use the New-MailboxExportRequest PowerShell cmdlet to export mailboxes in Exchange, potentially leading to sensitive information theft.

Microsoft Defender XDR +2 collection execution powershell exchange mailbox

2r 4t Jan 3, 2024

medium advisory

Detection of Encrypted Archive Creation with WinRAR or 7-Zip

2 rules 2 TTPs

Adversaries use WinRAR or 7-Zip with encryption options to compress and protect stolen data before exfiltration, making detection more challenging.

Defender XDR +2 collection archive exfiltration windows

2r 2t Jan 3, 2024