detecting-credential-dumping-techniques

Official

Detect advanced credential dumping techniques to secure your systems.

Authorbalsm-health
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps in identifying advanced credential dumping techniques that cyber adversaries use to extract sensitive information from a system.

Core Features & Use Cases

  • Credential Dumping Detection: Identifies activities such as LSASS memory access, SAM database extraction, and NTDS.dit theft.
  • Security Monitoring: Integrates with SIEMs like Splunk or Elastic for enhanced security monitoring.
  • Automated Analysis: Automatically parses Sysmon event logs and Windows Security logs for suspicious activity.

Quick Start

Run the detection script with the path to your Sysmon event log XML export file.

Dependency Matrix

Required Modules

pythonpysysmon

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: detecting-credential-dumping-techniques
Download link: https://github.com/balsm-health/Balsm-AI/archive/main.zip#detecting-credential-dumping-techniques

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.