Detect Activity Related To Pass The Hash Attacks

Description

This search looks for specific authentication events from the Windows Security Event logs to detect potential attempts at using the Pass-the-Hash technique.


Use Case

Advanced Threat Detection

Category

Lateral Movement


SPL Difficulty

None

Journey

Stage 1

MITRE ATT&CK Tactics

Defense Evasion
Lateral Movement

MITRE ATT&CK Techniques

Use Alternate Authentication Material

Pass the Hash

MITRE Threat Groups

APT1
APT28
APT32
Night Dragon
Soft Cell

Kill Chain Phases

Actions On Objectives

Data Sources

Windows Security