| DET0234 | Credential Dumping via Sensitive Memory and Registry Access Correlation | T1003 |
| DET0007 | Detection of Domain Trust Discovery via API, Script, and CLI Enumeration | T1482 |
| DET0594 | Detection of Unauthorized DCSync Operations via Replication API Abuse | T1003.006 |
| DET0055 | Detection strategy for Group Policy Discovery on Windows | T1615 |
| DET0276 | Detection Strategy for Rogue Domain Controller (DCShadow) Registration and Replication Abuse | T1207 |
| DET0161 | Password Policy Discovery – cross-platform behavior-chain analytics | T1201 |