<<< Hide Navigation Hide TOC >>>

HackTool - HandleKatz Duplicating LSASS Handle (b1bd3a59-c1fd-4860-9f40-4dd161a7d1f5)

Detects HandleKatz opening LSASS to duplicate its handle to later dump the memory without opening any new handles

Rows: 3

Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

---

TableFilter v0.7.2

https://www.tablefilter.com/
©2015-2025 Max Guglielmi

Close

?

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
	Clear Attack Pattern Sigma-Rules		Clear Attack Pattern	Clear 1 2
HackTool - HandleKatz Duplicating LSASS Handle (b1bd3a59-c1fd-4860-9f40-4dd161a7d1f5)	Sigma-Rules	Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	1
HackTool - HandleKatz Duplicating LSASS Handle (b1bd3a59-c1fd-4860-9f40-4dd161a7d1f5)	Sigma-Rules	LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2