Windows Post-Exploitation
Description
This analytic story identifies popular Windows post-exploitation tools, for example winpeas.bat, winpeas.exe, WinPrivCheck.bat and many more.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Endpoint
- Last Updated: 2022-11-30
- Author: Teoderick Contreras, Splunk
- ID: 992899b7-a5cf-4bcd-bb0d-cf81762188ba
Narrative
These tools allow operators to enumerate possible exploits and paths to privilege escalation and persistence on a targeted host. Ransomware operators, such as those behind the “Prestige ransomware”, have also abused post-exploitation tools such as winPEAS to scan a targeted Windows system for possible avenues to gain privileges and persistence.
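The hunting logic the story describes, as an added example that is not part of the Splunk analytic story or its detections: a small Python hunt over constructed Endpoint.Processes-style events that flags the file names named above (winpeas.bat, winpeas.exe, WinPrivCheck.bat), a renamed copy whose PE original file name still says winPEAS, and a command line that invokes one of the scripts. The winPEAS file-name pattern, the `original_file_name` values and all sample events are assumptions made for the example, not facts from the page.

```python
"""Hunt for known Windows post-exploitation helper tools in process events.

Added example, not a Splunk detection. Field names follow the Splunk CIM
Endpoint.Processes data model (dest, user, process_name, process_path,
original_file_name, process); the sample events below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# File names called out in the analytic story. Compared case-insensitively
# because Windows file names are case-insensitive.
KNOWN_TOOL_NAMES = {"winpeas.bat", "winpeas.exe", "winprivcheck.bat"}

# Assumption for the example: winPEAS is distributed in several builds
# (e.g. winPEASx64.exe), so also match "winpeas<anything>.exe/.bat/.ps1".
TOOL_NAME_PATTERN = re.compile(r"^winpeas\w*\.(exe|bat|ps1)$", re.IGNORECASE)


@dataclass(frozen=True)
class ProcessEvent:
    dest: str                # host the process ran on
    user: str
    process_name: str        # image name as reported by the sensor
    process_path: str        # full path of the image
    original_file_name: str  # OriginalFilename from the PE version resource
    process: str             # full command line


def _basename(path: str) -> str:
    """Last path component, lower-cased, with surrounding quotes stripped."""
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def _is_tool_name(name: str) -> bool:
    base = _basename(name)
    return base in KNOWN_TOOL_NAMES or bool(TOOL_NAME_PATTERN.match(base))


def classify(ev: ProcessEvent) -> Optional[str]:
    """Return a reason string if the event looks like a post-exploitation
    tool launch, otherwise None."""
    if _is_tool_name(ev.process_name) or _is_tool_name(ev.process_path):
        return "process image name matches a known post-exploitation tool"
    # A renamed binary keeps its PE OriginalFilename unless the attacker
    # also patched the version resource.
    if ev.original_file_name and _is_tool_name(ev.original_file_name):
        return "PE original file name matches a known tool (renamed copy)"
    # Scripts are launched via cmd.exe / powershell.exe, so the tool name
    # only shows up in the command line. Whitespace split is deliberately
    # naive; a quoted path with spaces still ends in the script's file name.
    for token in ev.process.split():
        if _is_tool_name(token):
            return "command line references a known post-exploitation tool"
    return None


def hunt(events: Iterable[ProcessEvent]) -> List[Tuple[ProcessEvent, str]]:
    """Return (event, reason) pairs for every event that classify() flags."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ev, reason))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: a text file that merely contains "winpeas" in its name.
    ProcessEvent("ws01", "CORP\\alice", "notepad.exe",
                 r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE",
                 r"notepad.exe C:\docs\winpeas_notes.txt"),
    # Direct launch of a winPEAS build from a world-writable directory.
    ProcessEvent("ws02", "CORP\\bob", "winPEASx64.exe",
                 r"C:\Users\Public\winPEASx64.exe", "winPEAS.exe",
                 r"C:\Users\Public\winPEASx64.exe"),
    # Renamed copy: image name is innocuous, PE original name is not.
    ProcessEvent("srv01", "NT AUTHORITY\\SYSTEM", "svchost32.exe",
                 r"C:\ProgramData\svchost32.exe", "winPEAS.exe",
                 r"svchost32.exe"),
    # Batch script invoked through cmd.exe.
    ProcessEvent("ws03", "CORP\\carol", "cmd.exe",
                 r"C:\Windows\System32\cmd.exe", "Cmd.Exe",
                 r"cmd.exe /c C:\Temp\WinPrivCheck.bat"),
]


if __name__ == "__main__":
    for ev, reason in hunt(SAMPLE_EVENTS):
        print(f"{ev.dest}\t{ev.user}\t{ev.process}\t<- {reason}")
```

Running the block prints the three flagged launches and skips the notepad event. In Splunk the same logic maps onto a `tstats` search over `Endpoint.Processes` filtering `process_name`, `original_file_name` and `process` for the same names; the renamed-copy check is the one worth keeping even if the file-name list grows stale.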
Detections
Reference
source | version: 1