This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
securityaura.bsky.social
did:plc:mlidy67mfddj6eysxamywqmc
#100DaysOfKQL
Day 20 - Potential CrackMapExec or secretsdump[.]py LSA and SAM Dump Artifact
Query that led to my first (and only) Sigma rule contribution back in 2022.
Need to test NetExec + Secretsdump to see if the path changed 👀
https://github.com/SecurityAura/DE-TH-Aura/blob/main/100DaysOfKQL/Day%2020%20-%20Potential%20CrackMapExec%20or%20secretsdump.py%20LSA%20and%20SAM%20Dump%20Artifact.md
2025-01-21T02:46:30.657Z