Episode 27: Roberto Rodriguez

Detection: Challenging Paradigms

How to Detect False Positives in Credential Dumping

One of my theories is that, instead of focusing on just what's necessary... so in the credential... I know that you're familiar with this. A lot of us use Sysmon Event ID 10 as our detection base, like the base for our detection. But the problem is that a process access event is only necessary for credential dumping, right? But there's a ton of reasons why somebody might open a handle to LSASS, right? So maybe you want to write to LSASS, maybe you just want to enumerate some information about LSASS, maybe you want to read from LSASS. But just because we've observed that somebody requested a handle with the PROCESS_VM_READ access does not mean that they actually used that handle to
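As an added illustration of the point made in this chapter (example code written for this page, not the speaker's or the podcast's), the Python below decodes the GrantedAccess mask that Sysmon Event ID 10 records and sorts LSASS handle requests into those that could not have read process memory at all (no PROCESS_VM_READ in the mask, e.g. plain enumeration) and those that could. The access-right constants are the standard Windows process rights; the sample events, the source image paths and the bucket names are constructed for the example. The two "read-candidate" events come out identical, which is the gap the speaker describes: Event ID 10 shows that a handle was requested with read access, not that it was used.

```python
from collections import Counter

# Standard Windows process access rights (winnt.h); only the bits that
# matter for reading about, or from, another process are named here.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PROCESS_VM_READ = 0x0010
KNOWN_BITS = sum(PROCESS_RIGHTS)  # union of every named bit above


def decode_granted_access(granted_access: str) -> list[str]:
    """Turn the Sysmon GrantedAccess hex string (e.g. '0x1010') into
    the list of named rights it contains; unnamed bits are summarised."""
    mask = int(granted_access, 16)
    names = [name for bit, name in PROCESS_RIGHTS.items() if mask & bit]
    leftover = mask & ~KNOWN_BITS
    if leftover:
        names.append(f"OTHER(0x{leftover:x})")
    return names


def triage(event: dict) -> str:
    """Bucket one Event ID 10 record (bucket names are this example's own).

    ignore          - target is not lsass.exe
    query-only      - handle to lsass.exe without PROCESS_VM_READ: the
                      handle cannot read memory, so this is enumeration,
                      not a credential-dumping candidate
    read-candidate  - handle to lsass.exe with PROCESS_VM_READ: memory
                      *could* be read; Event ID 10 alone cannot say
                      whether it was, so corroboration is still needed
    """
    if not event["TargetImage"].lower().endswith("\\lsass.exe"):
        return "ignore"
    if int(event["GrantedAccess"], 16) & PROCESS_VM_READ:
        return "read-candidate"
    return "query-only"


def summarize(events: list[dict]) -> dict:
    """Count events per bucket."""
    return dict(Counter(triage(e) for e in events))


def read_candidates(events: list[dict]) -> list[str]:
    """Source images that requested an lsass.exe handle with VM_READ."""
    return [e["SourceImage"] for e in events if triage(e) == "read-candidate"]


# Constructed sample records shaped like Sysmon Event ID 10 fields;
# the paths are made up for the example, not real telemetry.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1400"},
    {"SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Users\alice\Downloads\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"SourceImage": r"C:\Windows\System32\cmd.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(f"{triage(e):15} {e['SourceImage']:45} "
              f"{' | '.join(decode_granted_access(e['GrantedAccess']))}")
    print(summarize(SAMPLE_EVENTS))
```

Run as a script it prints one line per event with the decoded rights and the bucket counts; the useful observation is that the VM_READ filter removes the enumeration-only handles but leaves an endpoint agent and an unknown download looking the same, so a detection built on Event ID 10 by itself can only say "could have read", never "did read".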
