Defender Quarantines Lsass Dumps
An attacker logs in to my RDP Honeypot, launches Advanced Port Scanner, attempts to run a Meterpreter shell and then dumps Lsass using procdump. The attacker stumbles along the way and does not accomplish their mission. See the timeline, details, summary and IOCs below.