Tag

Netsh

5 briefs RSS

Wireless Credential Dumping via Netsh

Adversaries use the Windows built-in utility Netsh to dump Wireless saved access keys in clear text, potentially leading to credential compromise.

Defender XDR +2 credential-access netsh windows

2r 2t Jan 30, 2024

low advisory

Netsh Helper DLL Persistence

2 rules 2 TTPs

Attackers may abuse the Netsh Helper DLL functionality by adding malicious DLLs to execute payloads every time the netsh utility is executed via administrators or scheduled tasks, achieving persistence.

Microsoft Defender XDR +3 persistence windows netsh registry

2r 2t Jan 30, 2024

medium advisory

Windows Netsh Tool Used for Firewall Discovery

2 rules 1 TTP

The analytic detects the execution of the Windows built-in tool netsh.exe to display the state, configuration, and profile of the host firewall, potentially leading to unauthorized network access or data exfiltration.

Splunk Enterprise +2 discovery windows netsh firewall

2r 1t Jan 3, 2024

high threat

Detection of Processes Launching netsh.exe for Malicious Purposes

2 rules

Detection of netsh.exe execution by unusual processes indicative of potential malicious activity, including persistence and network configuration changes by threat actors.

exploited Splunk Enterprise +3 netsh living-off-the-land persistence network-configuration

2r Jan 3, 2024

medium advisory

Netsh Used to Enable Remote Desktop Protocol (RDP) in Windows Firewall

2 rules 2 TTPs

Adversaries may use the `netsh.exe` utility to enable inbound Remote Desktop Protocol (RDP) connections in the Windows Firewall, potentially allowing unauthorized remote access to compromised systems.

Windows Firewall +4 defense-evasion lateral-movement windows netsh rdp

2r 2t Jan 2, 2024