Potential Remote Desktop Tunneling · Mar 5, 2023 · attack.lateral_movement attack.t1021
Detects potential use of an SSH utility to establish RDP over a reverse SSH Tunnel. This can be used by attackers to enable routing of network packets that would otherwise not reach their intended destination.
Privilege Escalation via Named Pipe Impersonation · Mar 5, 2023 · attack.lateral_movement attack.t1021
Detects a remote file copy attempt to a hidden network share. This may indicate lateral movement or data staging activity.
Psexec Execution · Feb 28, 2023 · attack.execution attack.t1569 attack.t1021
Detects execution of PsExec with the user agreement accepted on the command line.