detecting-t1003-credential-dumping-with-edr
by mukul975
A skill for threat hunting with EDR, Sysmon, and Windows event correlation to detect LSASS, SAM, NTDS.dit, LSA secrets, and cached credential dumping (MITRE ATT&CK T1003). Use it to validate alerts, scope incidents, and reduce false positives with practical workflow guidance.
Threat Hunting