t1003

Here is 1 public repository matching this topic...

Zeltoc / wazuh-lsass-credential-access-detection

Wazuh SIEM lab detecting lsass credential access using Sysmon Event ID 10 and a custom rule targeting PROCESS_ALL_ACCESS (0x1FFFFF). Built in Proxmox homelab.

incident-response sysmon siem homelab wazuh blue-team mitre-attack windows-security lsass detection-engineering credential-access t1003

Updated May 7, 2026

Improve this page

Add a description, image, and links to the t1003 topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the t1003 topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

t1003

Here is 1 public repository matching this topic...

Zeltoc / wazuh-lsass-credential-access-detection

Improve this page

Add this topic to your repo