Thursday, 7 February 2019

Threat Hunting #11 - Exposed Passwords

[House Cleaning] - Detecting Your Own Users storing their passwords in "text" files (you will be surprised, its very common):

IBM Qradar Sysmon AQL:

select username, "Process CommandLine" from events where image imatches '(*.notepad.*)|(.*excel*)' and "Process CommandLine" imatches '(?i)((.*passw.*)|(.*pwd.*))'


process_name:notepad.exe|excel.exe|notepad++.exe and (cmdline:*password* or cmdline:*pwd* or cmdline:*passwd* or cmdline:*keys*)

Finding unprotected credentials in txt file or alike, makes the attacker life easy even if the environment is well hardened.

1 comment:

  1. For many players, incessantly asked questions are a fast and simple method of dealing with minor hiccups or navigating a brand new} on line casino with out needed to contact a customer representative. We would like to see the addition of FAQs in the future, and should it occur, we'll update our Videoslots evaluate and rating accordingly. Ozzy Osbourne™ is abailable to play at no cost and for actual cash. If you wish to play with out risking your own cash, you'll be able to|you possibly can} check out the free to play version of the sport at the high of this web page. Only One individual at a 메리트카지노 time is allowed to play a slot machine. Decide what you would like to wager, and how many of} paylines you wish to play.