← Back to Explore
T1556.002
Password Filter DLL
Adversaries may register malicious password filter dynamic link libraries (DLLs) into the authentication process to acquire user credentials as they are validated. Windows password filters are password policy enforcement mechanisms for both domain and local accounts. Filters are implemented as DLLs containing a method to validate potential passwords against password policies. Filter DLLs can be positioned on local computers for local accounts and/or domain controllers for domain accounts. Befo...
Windows
3
Detections
1
Sources
2
Threat Actors
BY SOURCE
3sigma
PROCEDURES (2)
Process Creation Monitoring2 detections
Auto-extracted: 2 detections for process creation monitoring
Script Execution Monitoring1 detections
Auto-extracted: 1 detections for script execution monitoring