attack.t1078.001 | Detection.FYI

Admin User Remote Logon
May 2, 2023 · attack.lateral_movement attack.t1078.001 attack.t1078.002 attack.t1078.003 car.2016-04-005 ·
Share on:
Detect remote login by Administrator user (depending on internal pattern).

Read More
Guest Account Enabled Via Sysadminctl
Feb 20, 2023 · attack.initial_access attack.t1078 attack.t1078.001 ·
Share on:
Detects attempts to enable the guest account using the sysadminctl utility

Read More