Detecting Mimikatz by Monitoring DLL Loads
Sysmon's -l option (log module loading) records DLL loads as ImageLoaded events, which can be used for detection:
REF:
https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/
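As an added example (not code from the original post or from the referenced article), the detection logic below runs over constructed Sysmon ImageLoaded (Event ID 7) records: it groups loads by ProcessGuid, keeps only DLLs on a watchlist, and alerts when one process loads at least `threshold` distinct watched DLLs inside a short time window. The watchlist, threshold, window and the sample processes are assumptions for illustration; substitute the DLL set given in the referenced article.

```python
"""Flag processes that load several watched DLLs in a short window (Sysmon Event ID 7)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist for illustration; replace with the DLL set from the referenced article.
WATCHED_DLLS = {"samlib.dll", "vaultcli.dll", "winscard.dll", "cryptdll.dll", "hid.dll", "wintrust.dll"}
THRESHOLD = 4                 # distinct watched DLLs needed to raise an alert (assumed)
WINDOW = timedelta(minutes=5)  # loads must fall within this span (assumed)
SYSMON_TS = "%Y-%m-%d %H:%M:%S.%f"  # Sysmon UtcTime format, e.g. 2024-01-01 12:00:01.000


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ImageLoaded is a full path)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_loaders(events, watched=WATCHED_DLLS, threshold=THRESHOLD, window=WINDOW):
    """events: iterable of dicts with EventID, UtcTime, ProcessGuid, Image, ImageLoaded.
    Returns one alert per process whose distinct watched-DLL loads reach the threshold
    inside any sliding window of the given length."""
    per_proc = defaultdict(list)  # ProcessGuid -> [(timestamp, dll name)]
    image_of = {}                 # ProcessGuid -> Image path, for the alert
    for ev in events:
        if int(ev.get("EventID", 0)) != 7:   # only ImageLoaded events matter here
            continue
        dll = _basename(ev["ImageLoaded"])
        if dll not in watched:
            continue
        ts = datetime.strptime(ev["UtcTime"], SYSMON_TS)
        per_proc[ev["ProcessGuid"]].append((ts, dll))
        image_of[ev["ProcessGuid"]] = ev["Image"]

    alerts = []
    for guid, loads in per_proc.items():
        loads.sort()  # chronological order
        for i, (start, _) in enumerate(loads):
            # distinct watched DLLs loaded within `window` of this load
            seen = {dll for ts, dll in loads[i:] if ts - start <= window}
            if len(seen) >= threshold:
                alerts.append({"ProcessGuid": guid, "Image": image_of[guid], "dlls": sorted(seen)})
                break  # one alert per process is enough
    return alerts


def _ev(ts, guid, image, loaded, event_id=7):
    return {"EventID": event_id, "UtcTime": ts, "ProcessGuid": guid,
            "Image": image, "ImageLoaded": loaded}


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # Process A: four watched DLLs within seconds -> should alert.
    _ev("2024-01-01 12:00:00.000", "{A}", r"C:\Temp\tool.exe", r"C:\Windows\System32\kernel32.dll"),
    _ev("2024-01-01 12:00:01.000", "{A}", r"C:\Temp\tool.exe", r"C:\Windows\System32\samlib.dll"),
    _ev("2024-01-01 12:00:02.000", "{A}", r"C:\Temp\tool.exe", r"C:\Windows\System32\vaultcli.dll"),
    _ev("2024-01-01 12:00:03.000", "{A}", r"C:\Temp\tool.exe", r"C:\Windows\System32\winscard.dll"),
    _ev("2024-01-01 12:00:04.000", "{A}", r"C:\Temp\tool.exe", r"C:\Windows\System32\cryptdll.dll"),
    # Process B: a single watched DLL -> no alert.
    _ev("2024-01-01 12:00:05.000", "{B}", r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\wintrust.dll"),
    # Process C: four watched DLLs, but spread over 30 minutes -> no alert.
    _ev("2024-01-01 12:00:00.000", "{C}", r"C:\Windows\explorer.exe", r"C:\Windows\System32\samlib.dll"),
    _ev("2024-01-01 12:10:00.000", "{C}", r"C:\Windows\explorer.exe", r"C:\Windows\System32\vaultcli.dll"),
    _ev("2024-01-01 12:20:00.000", "{C}", r"C:\Windows\explorer.exe", r"C:\Windows\System32\winscard.dll"),
    _ev("2024-01-01 12:30:00.000", "{C}", r"C:\Windows\explorer.exe", r"C:\Windows\System32\cryptdll.dll"),
    # A process-create event (ID 1) that the detector must ignore.
    _ev("2024-01-01 12:00:00.000", "{A}", r"C:\Temp\tool.exe", r"C:\Temp\tool.exe", event_id=1),
]

if __name__ == "__main__":
    for alert in find_suspicious_loaders(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct watched DLLs per process, rather than alerting on any single load, is what keeps the rule usable: many of these libraries are loaded legitimately by system processes one at a time, so the signal is the combination within a short span. Expect to tune the watchlist and threshold against your own baseline, and exclude known-good images that routinely load the same set.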
--- --- --- --- From 小小leo's blog --- --- --- ---