New Generic Credentials Added Via Cmdkey.EXE

Rule Info

Name: New Generic Credentials Added Via Cmdkey.EXE
Author: frack113, Nasreddine Bencherchali (Nextron Systems)
Description: Detects usage of "cmdkey.exe" to add generic credentials. As an example, this can be used before connecting to an RDP session via command line interface.
Date: 2023-02-03 00:00:00
Modified: 2024-03-05 00:00:00
Id: b1ec66c6-f4d1-4b5c-96dd-af28ccae7727
Tags: attack.credential_access attack.t1003.005 DEMO
Type: Community Rule

Rule History

| Author | Title | Date | Commit |
| --- | --- | --- | --- |
| frack113 | Merge PR #4752 from @frack113 - Update rules to use the `windash` modifier | 2024-03-11 | |
| Qasim Qlf | Merge PR #4728 from @qasimqlf - Update multiple rules to cover the '-' arguments along with '/' arguments | 2024-02-26 | |
| github-actions[bot] | Merge PR #4611 from @nasbench - Promote Older Rules Status From `experimental` To `test` | 2023-12-01 | |
| Nasreddine Bencherchali | fix: multiple typos | 2023-02-06 | |
| Nasreddine Bencherchali | fix: add missing modified and small fixes to selections | 2023-02-04 | |
| Nasreddine Bencherchali | feat: even more updates | 2023-02-03 | |