From 12676d2596a79be491141a448d85fae8fe01a536 Mon Sep 17 00:00:00 2001 From: jcube3ai <102632342+jcube3ai@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:29:30 -0400 Subject: [PATCH] Update veilhunter_lsass_memory_access.yml --- veilhunter_lsass_memory_access.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/veilhunter_lsass_memory_access.yml b/veilhunter_lsass_memory_access.yml index 9426a24..2c1fcfd 100644 --- a/veilhunter_lsass_memory_access.yml +++ b/veilhunter_lsass_memory_access.yml @@ -1,6 +1,6 @@ title: VeilHunter - LSASS Memory Access by Non-System Process id: a1b2c3d4-0101-4e5f-8a9b-ca1de2f30101 -status: experimental +status: experimental jcube3ai description: > Detects a process accessing lsass.exe memory with rights typically used for credential dumping (PROCESS_VM_READ). Excludes known legitimate