open-menu
closeme
Access To ADMIN$ Network Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations - Security
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
CobaltStrike Service Installations - System
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Copy From Or To Admin Share Or Sysvol Folder
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.collection
attack.exfiltration
attack.t1039
attack.t1048
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
DCERPC SMB Spoolss Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
DCOM InternetExplorer.Application Iertutil DLL Hijack - Security
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Remote Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
First Time Seen Remote Named Pipe - Zeek
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
HackTool - SharpMove Tool Execution
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Impacket PsExec Execution
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Metasploit Or Impacket Service Installation Via SMB PsExec
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Metasploit SMB Authentication
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Password Provided In Command Line Of Net.EXE
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.initial-access
attack.persistence
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1078
·
Share on:
twitter
facebook
linkedin
copy
Potential CobaltStrike Service Installations - Registry
calendar
Aug 12, 2024
·
attack.execution
attack.privilege-escalation
attack.lateral-movement
attack.t1021.002
attack.t1543.003
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Potential DCOM InternetExplorer.Application DLL Hijack
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Potential DCOM InternetExplorer.Application DLL Hijack - Image Load
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1021.003
·
Share on:
twitter
facebook
linkedin
copy
Protected Storage Service Access
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
PUA - CSExec Default Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
PUA - RemCom Default Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Remote Service Activity via SVCCTL Named Pipe
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.persistence
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 Execution Without Parameters
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Rundll32 UNC Path Execution
calendar
Aug 12, 2024
·
attack.defense-evasion
attack.execution
attack.t1021.002
attack.t1218.011
·
Share on:
twitter
facebook
linkedin
copy
SMB Create Remote File Admin Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
SMB Spoolss Name Piped Usage
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
smbexec.py Service Installation
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.execution
attack.t1021.002
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious New-PSDrive to Admin Share
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PsExec Execution
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Suspicious PsExec Execution - Zeek
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
T1047 Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Turla Group Lateral Movement
calendar
Aug 12, 2024
·
attack.g0010
attack.execution
attack.t1059
attack.lateral-movement
attack.t1021.002
attack.discovery
attack.t1083
attack.t1135
detection.emerging-threats
·
Share on:
twitter
facebook
linkedin
copy
Windows Admin Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Internet Hosted WebDav Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Windows Share Mount Via Net.EXE
calendar
Aug 12, 2024
·
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Wmiprvse Wbemcomn DLL Hijack - File
calendar
Aug 12, 2024
·
attack.execution
attack.t1047
attack.lateral-movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Default Impacket Service Creation Via Registry Keys (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
File Writes Within Admin Shares (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Process Execution from Admin Share (RedCanary Threat Detection Report)
calendar
May 10, 2023
·
attack.lateral_movement
attack.t1021.002
·
Share on:
twitter
facebook
linkedin
copy
Failed Mounting of Hidden Share
calendar
Apr 21, 2023
·
attack.t1021.002
attack.lateral_movement
·
Share on:
twitter
facebook
linkedin
copy
Metasploit Or Impacket Service Installation Via SMB PsExec
calendar
Apr 21, 2023
·
attack.lateral_movement
attack.t1021.002
attack.t1570
attack.execution
attack.t1569.002
·
Share on:
twitter
facebook
linkedin
copy
to-top