![Back to home Valhalla Logo](/static/valhalla-logo.png)
Rule Info
Name
Sensitive File Dump Via Wbadmin.EXE
Author
Nasreddine Bencherchali (Nextron Systems), frack113
Description
Detects the dump of highly sensitive files such as "NTDS.DIT" and "SECURITY" hive.
Attackers can leverage the "wbadmin" utility in order to dump sensitive files that might contain credential or sensitive information.
Date
2024-05-10 00:00:00
Modified
None
Id
8b93a509-1cb8-42e1-97aa-ee24224cdc15
Tags
attack.credential_access attack.t1003.003 DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit