Tag
medium
advisory
Potential WSUS Abuse for Lateral Movement via PsExec
2 rules 2 TTPs
Adversaries may exploit Windows Server Update Services (WSUS) to execute PsExec for lateral movement within a network by abusing the trusted update mechanism to run signed binaries.
Windows Server Update Services
lateral-movement
wsus
psexec
windows
low
advisory
PsExec Lateral Movement via Network Connection
2 rules 3 TTPs
The rule identifies the use of PsExec.exe making a network connection, indicative of potential lateral movement by adversaries executing commands with SYSTEM privileges on Windows systems to disable defenses.
Elastic Defend +1
psexec
lateral-movement
windows
medium
advisory
Suspicious Process Execution via Renamed PsExec Executable
2 rules 3 TTPs
Detects suspicious PsExec activity where the PsExec service component is executed using a custom name, indicating an attempt to evade detections that look for the default PsExec service component name.
Elastic Defend +2
psexec
lateral-movement
execution
defense-evasion
windows