Skip to content

Hide Navigation Hide TOC

Potential Credential Dumping Attempt Using New NetworkProvider - CLI (baef1ec6-2ca9-47a3-97cc-4cf2bda10b77)

Detects when an attacker tries to add a new network provider in order to dump clear text credentials, similar to how the NPPSpy tool does it

Cluster A Galaxy A Cluster B Galaxy B Level
Potential Credential Dumping Attempt Using New NetworkProvider - CLI (baef1ec6-2ca9-47a3-97cc-4cf2bda10b77) Sigma-Rules OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 1