Capture Credentials with Rpcping.exe (93671f99-04eb-4ab4-a161-70d446a84003)
Detects using Rpcping.exe to send a RPC test connection to the target server (-s) and force the NTLM hash to be sent in the process.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Capture Credentials with Rpcping.exe (93671f99-04eb-4ab4-a161-70d446a84003) | Sigma-Rules | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 1 |