Daniel Roberson - credentialtheftprocdumpcomsvcs-manageengine2024

Daniel Roberson

credentialtheftprocdumpcomsvcs-manageengine2024

0001-01-01

Credential Theft Using Procdump or Comsvcs

ManageEngine 2024

https://www.manageengine.com/log-management/correlation-rules/credential-theft-using-procdump-comsvcs.html

Notes
Local Security Authority Subsystem (LSASS)
lateral movement
credential dumping
procdump
comsvcs - comsvcs.dll
Sysinternals
principle of least privilege

Links to this note

Notes

Recent Posts

Linux Hardening: SSH

2025-03-06 DFIR SSH hardening linux hardening SSH PAM

Linux Anti-Forensics: Timestomping

2025-03-05 DFIR linux anti-forensics

Finding Bad with Linux Package Managers

2025-03-03 DFIR linux persistence

Linux Persistence: Startup Scripts

2024-11-10 DFIR CTF linux persistence systemd SysV init startup script

Linux Persistence: Cron

2024-11-10 DFIR CTF linux persistence cron