Windows Replication Through Removable Media
Replication Through Removable Media
Lateral Movement
Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature
Exploitation of Remote Services
Splunk Code Injection via custom dashboard leading to RCE
Exploitation of Remote Services
Windows Protocol Tunneling with Plink
Protocol Tunneling, SSH
Allow Inbound Traffic By Firewall Rule Registry
Remote Desktop Protocol, Remote Services
Allow Inbound Traffic By Firewall Rule Registry
Remote Desktop Protocol, Remote Services
Windows Remote Service Rdpwinst Tool Execution
Remote Desktop Protocol, Remote Services
Windows Remote Service Rdpwinst Tool Execution
Remote Desktop Protocol, Remote Services
Windows Remote Services Allow Remote Assistance
Remote Desktop Protocol, Remote Services
Windows Remote Services Allow Remote Assistance
Remote Desktop Protocol, Remote Services
Windows Remote Services Allow Rdp In Firewall
Remote Desktop Protocol, Remote Services
Windows Remote Services Allow Rdp In Firewall
Remote Desktop Protocol, Remote Services
Windows Remote Services Rdp Enable
Remote Desktop Protocol, Remote Services
Windows Remote Services Rdp Enable
Remote Desktop Protocol, Remote Services
Remote Process Instantiation via DCOM and PowerShell Script Block
Remote Services, Distributed Component Object Model
Remote Process Instantiation via DCOM and PowerShell Script Block
Remote Services, Distributed Component Object Model
Interactive Session on Remote Endpoint with PowerShell
Remote Services, Windows Remote Management
Interactive Session on Remote Endpoint with PowerShell
Remote Services, Windows Remote Management
Remote Process Instantiation via WinRM and PowerShell Script Block
Remote Services, Windows Remote Management
Remote Process Instantiation via WinRM and PowerShell Script Block
Remote Services, Windows Remote Management
Unknown Process Using The Kerberos Protocol
Use Alternate Authentication Material
Kerberos TGT Request Using RC4 Encryption
Use Alternate Authentication Material
Rubeus Kerberos Ticket Exports Through Winlogon Access
Use Alternate Authentication Material, Pass the Ticket
Rubeus Kerberos Ticket Exports Through Winlogon Access
Use Alternate Authentication Material, Pass the Ticket
Rubeus Command Line Parameters
Use Alternate Authentication Material, Pass the Ticket, Steal or Forge Kerberos Tickets, Kerberoasting, AS-REP Roasting
Rubeus Command Line Parameters
Use Alternate Authentication Material, Pass the Ticket, Steal or Forge Kerberos Tickets, Kerberoasting, AS-REP Roasting
Mimikatz PassTheTicket CommandLine Parameters
Use Alternate Authentication Material, Pass the Ticket
Mimikatz PassTheTicket CommandLine Parameters
Use Alternate Authentication Material, Pass the Ticket
Enable RDP In Other Port Number
Remote Services
Impacket Lateral Movement Commandline Parameters
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Impacket Lateral Movement Commandline Parameters
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Impacket Lateral Movement Commandline Parameters
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service
Rare Parent-Child Process Relationship
Exploitation for Client Execution, Command and Scripting Interpreter, Scheduled Task/Job, Software Deployment Tools
Potential Pass the Token or Hash Observed at the Destination Device
Use Alternate Authentication Material, Pass the Hash
Potential Pass the Token or Hash Observed at the Destination Device
Use Alternate Authentication Material, Pass the Hash
Possible Lateral Movement PowerShell Spawn
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Possible Lateral Movement PowerShell Spawn
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Possible Lateral Movement PowerShell Spawn
Remote Services, Distributed Component Object Model, Windows Remote Management, Windows Management Instrumentation, Scheduled Task, Windows Service, PowerShe...
Mmc LOLBAS Execution Process Spawn
Remote Services, Distributed Component Object Model, MMC
Mmc LOLBAS Execution Process Spawn
Remote Services, Distributed Component Object Model, MMC
Wsmprovhost LOLBAS Execution Process Spawn
Remote Services, Windows Remote Management
Wsmprovhost LOLBAS Execution Process Spawn
Remote Services, Windows Remote Management
Executable File Written in Administrative SMB Share
Remote Services, SMB/Windows Admin Shares
Executable File Written in Administrative SMB Share
Remote Services, SMB/Windows Admin Shares
Remote Process Instantiation via WinRM and PowerShell
Remote Services, Windows Remote Management
Remote Process Instantiation via WinRM and PowerShell
Remote Services, Windows Remote Management
Remote Process Instantiation via DCOM and PowerShell
Remote Services, Distributed Component Object Model
Remote Process Instantiation via DCOM and PowerShell
Remote Services, Distributed Component Object Model
Remote Process Instantiation via WinRM and Winrs
Remote Services, Windows Remote Management
Remote Process Instantiation via WinRM and Winrs
Remote Services, Windows Remote Management
Potential Pass the Token or Hash Observed by an Event Collecting Device
Use Alternate Authentication Material, Pass the Hash
Potential Pass the Token or Hash Observed by an Event Collecting Device
Use Alternate Authentication Material, Pass the Hash
Detect PsExec With accepteula Flag
Remote Services, SMB/Windows Admin Shares
Detect PsExec With accepteula Flag
Remote Services, SMB/Windows Admin Shares
Allow Inbound Traffic In Firewall Rule
Remote Desktop Protocol, Remote Services
Allow Inbound Traffic In Firewall Rule
Remote Desktop Protocol, Remote Services
Detect Activity Related to Pass the Hash Attacks
Use Alternate Authentication Material, Pass the Hash
Detect Activity Related to Pass the Hash Attacks
Use Alternate Authentication Material, Pass the Hash
Detect Computer Changed with Anonymous Account
Exploitation of Remote Services
aws detect sts get session token abuse
Use Alternate Authentication Material
SMB Traffic Spike - MLTK
SMB/Windows Admin Shares, Remote Services
SMB Traffic Spike - MLTK
SMB/Windows Admin Shares, Remote Services
SMB Traffic Spike
SMB/Windows Admin Shares, Remote Services
SMB Traffic Spike
SMB/Windows Admin Shares, Remote Services
Remote Desktop Process Running On System
Remote Desktop Protocol, Remote Services
Remote Desktop Process Running On System
Remote Desktop Protocol, Remote Services
Remote Desktop Network Bruteforce
Remote Desktop Protocol, Remote Services
Remote Desktop Network Bruteforce
Remote Desktop Protocol, Remote Services
Detection of tools built by NirSoft
Software Deployment Tools
Remote Desktop Network Traffic
Remote Desktop Protocol, Remote Services
Remote Desktop Network Traffic
Remote Desktop Protocol, Remote Services