Tag
medium
advisory
Unusual Process Performing NewCredentials Logon
2 rules, 1 TTP
Anomalous NewCredentials logon events triggered by uncommon processes may indicate access token manipulation for privilege escalation.
privilege-escalation
token-manipulation
windows
medium
advisory
SeDebugPrivilege Enabled by a Suspicious Process
2 rules, 1 TTP
The rule identifies a process running under a non-SYSTEM account that enables SeDebugPrivilege, which adversaries can use to debug and modify other processes in order to escalate privileges and bypass access controls.
Windows
privilege-escalation
token-manipulation