Tag
This brief detects the execution of known Windows utilities such as procdump, ntdsutil, and diskshadow, often abused to dump LSASS memory or the Active Directory database (NTDS.dit) in preparation for credential access, potentially leading to widespread compromise.