Tag

Laps

1 brief RSS

Detecting Windows LAPS Password Gathering via PowerShell

This brief outlines detection strategies for adversaries attempting to retrieve LAPS passwords using PowerShell and the 'ms-Mcs-AdmPwd' property, potentially leading to lateral movement and privilege escalation within a Windows domain.

Splunk Enterprise +3 laps credential-access powershell windows

2r 2t Jan 3, 2024