SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Adding GrantedAccess filter for catching credential dump. #133

Open deftoner opened 3 years ago

deftoner commented 3 years ago

Modification: Under group add:

`0x1010`

That will catch when tools like mimikatz trigger a credential dump.

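An added example, not code from the issue or from sysmon-config: it applies the proposed `0x1010` GrantedAccess filter to constructed Sysmon Event ID 10 (ProcessAccess) records, both as Sysmon's exact `is` comparison and as a bitmask check, to show which events an exact-value filter flags and which it misses. The event XML, image paths and the lsass.exe target are constructed assumptions.

```python
"""Evaluate Sysmon Event ID 10 (ProcessAccess) records against a GrantedAccess filter.
Added example; the sample events below are constructed, not real telemetry."""
import xml.etree.ElementTree as ET

# Windows process access rights that make up the 0x1010 mask from the issue.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
CRED_DUMP_MASK = PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION  # 0x1010

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_event(xml_text):
    """Return the EventData of one Sysmon event as a dict of Name -> value."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "") for d in root.iterfind(".//e:EventData/e:Data", NS)}

def matches_exact(ev, value="0x1010"):
    """Sysmon condition="is" semantics: the GrantedAccess string must equal the value."""
    return ev.get("GrantedAccess", "").lower() == value.lower()

def matches_mask(ev, required=CRED_DUMP_MASK):
    """Bitwise check: any access including VM_READ and QUERY_LIMITED_INFORMATION
    (flags 0x1010 but also supersets such as 0x1410 or 0x1FFFFF)."""
    return int(ev.get("GrantedAccess", "0"), 16) & required == required

def is_lsass_target(ev):
    return ev.get("TargetImage", "").lower().endswith("\\lsass.exe")

def detect(events):
    """Return (SourceImage, GrantedAccess, exact_hit, mask_hit) for events touching lsass."""
    out = []
    for xml_text in events:
        ev = parse_event(xml_text)
        if is_lsass_target(ev):
            out.append((ev["SourceImage"], ev["GrantedAccess"], matches_exact(ev), matches_mask(ev)))
    return out

def _event(source, target, access):  # constructed Event ID 10 record (fields trimmed)
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>10</EventID></System>
  <EventData><Data Name="SourceImage">{source}</Data>
    <Data Name="TargetImage">{target}</Data>
    <Data Name="GrantedAccess">{access}</Data></EventData></Event>"""

SAMPLE_EVENTS = [  # constructed sample input
    _event(r"C:\Users\u\Desktop\tool.exe", r"C:\Windows\System32\lsass.exe", "0x1010"),
    _event(r"C:\Users\u\Desktop\tool.exe", r"C:\Windows\System32\lsass.exe", "0x1FFFFF"),
    _event(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\lsass.exe", "0x1000"),
    _event(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "0x1010"),
]

if __name__ == "__main__":
    for row in detect(SAMPLE_EVENTS):
        print(row)
```

The second sample shows the trade-off: an exact `is` match on `0x1010` does not fire on a full-access open of lsass, while the bitmask check does, so the exact filter is precise but narrow.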