Lazagne Credential Dumping Tool Detection Rule #4740
Welcome @cY83rR0H1t 👋 It looks like this is your first issue on the Sigma rules repository! The following repository accepts issues related to If you're reporting an issue related to the pySigma library please consider submitting it here If you're reporting an issue related to the deprecated sigmac library please consider submitting it here Thanks for taking the time to open this issue, and welcome to the Sigma community! 😃
Description of the Idea of the Rule
Lazagne's primary purpose is to retrieve passwords stored on a local computer. It can access passwords from various applications, browsers, and system configurations. This detection rule is for lazagne.exe binary file arguments.
Public References / Example Event Log
https://github.com/AlessandroZ/LaZagne/tree/master
https://github.com/The-DFIR-Report/Sigma-Rules/blob/abaa1097fa72b184349b7467ffc6f9e7646cd900/rules/windows/process_creation/proc_creation_win_lazagne_dumping_credentials.yml#L4
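
One way to express the idea above as detection logic, run over constructed process-creation events (an added example, not the rule proposed in this issue or the one in the linked repositories). It goes slightly beyond the issue by also scoring a renamed binary that keeps the same argument shape; the module names and `-oN`/`-oJ`/`-oA` output flags are taken from LaZagne's public command-line help, and `classify`, `split_args` and the severity labels are hypothetical.

```python
import shlex

# Assumption: module names and output flags come from LaZagne's public CLI
# help, not from the issue text.
MODULES = {"all", "browsers", "chats", "databases", "mails", "memory",
           "sysadmin", "wifi", "windows"}
OUTPUT_FLAGS = {"-on", "-oj", "-oa"}


def split_args(command_line):
    """Tokenize a Windows command line; return lower-cased args after argv[0]."""
    try:
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = command_line.split()
    return [t.strip('"').lower() for t in tokens[1:]]


def classify(event):
    """Return 'high', 'medium', 'low' or None for one process-creation event."""
    image = event.get("Image", "").lower()
    args = split_args(event.get("CommandLine", ""))
    has_module = bool(args) and args[0] in MODULES
    has_output = any(a in OUTPUT_FLAGS for a in args)
    if image.endswith("\\lazagne.exe"):
        # Original file name: a module argument means credentials were requested.
        return "high" if has_module else "low"
    if has_module and has_output:
        # Renamed binary: require module AND output flag, because words such
        # as "all" or "databases" are common arguments of unrelated tools.
        return "medium"
    return None


# Constructed samples using Sysmon EventID 1 style field names.
EVENTS = [
    {"Image": r"C:\Users\Public\LaZagne.exe",
     "CommandLine": r"LaZagne.exe browsers -oJ"},
    {"Image": r"C:\Temp\svc.exe",
     "CommandLine": r'"C:\Temp\svc.exe" all -oN'},
    {"Image": r"C:\Windows\System32\robocopy.exe",
     "CommandLine": r"robocopy.exe all C:\dst"},
    {"Image": r"C:\Tools\backup.exe",
     "CommandLine": r"backup.exe databases"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev), ev["CommandLine"])
```

Matching on the file name alone is easy to evade by renaming, and matching on arguments alone is noisy, which is why the two signals are scored separately here.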