Product
medium
advisory
WMI Incoming Lateral Movement
3 rules, 2 TTPs
Detection of processes executed via Windows Management Instrumentation (WMI) on a remote host, indicating potential adversary lateral movement.
HPWBEM +3
lateral-movement
wmi
windows
medium
advisory
Remote Execution of Windows Services via RPC
2 rules, 2 TTPs
Detection of remote execution of Windows services over RPC by correlating `services.exe` network connections and spawned child processes, potentially indicating lateral movement.
SCCM
lateral-movement
execution
windows