Threat Feed

Tag

Post-Exploitation

4 briefs
high advisory

Windows Post Exploitation Risk Behavior Detection

This analytic identifies potential post-exploitation behaviors on a Windows system by monitoring multiple risk events and their associated MITRE ATT&CK tactics, indicating potential malicious actions following an initial compromise.

Splunk Enterprise +2 post-exploitation windows splunk
high advisory

NetExec File Creation Detection

This brief covers the detection of NetExec, a post-exploitation and lateral movement tool, through monitoring for unique file creation patterns associated with its execution and file extraction in Windows environments.

netexec crackmapexec lateral-movement post-exploitation hacktool
high advisory

Detection of NetExec Hacktool Execution

The threat brief details the detection of NetExec (formerly CrackMapExec), a post-exploitation tool used for Active Directory penetration testing and network enumeration, often employed by threat actors for lateral movement and credential harvesting.

pentest post-exploitation lateral-movement active-directory
medium advisory

WinPEAS PowerShell Script Execution Detection

This brief documents the detection of WinPEAS PowerShell script execution on Windows systems. WinPEAS is a tool commonly used to identify privilege escalation paths; the detection works by matching specific function names used within the script.

Splunk Enterprise +2 privilege-escalation post-exploitation windows