“…-managed) utilities on a Microsoft Windows-based system. First up is PowerShell, a built-in command-line shell and scripting language that is used primarily by system admins to perform tasks like automation or configuration management. Because it provides such deep access t…”
T1218.010 Regsvr32 (99%)
“can be used to run scripts from remote sources. - regsvr32.exe – used to register DLLs and execute code from specially crafted scripts or remote COM objects. - cscript.exe and wscript.exe – Windows Script Host executables for running VBScript and JScript files. - installutil.…”
T1021.001 Remote Desktop Protocol (98%)
“an admin to query and modify system settings, manage services, and gather information about various system components. It also enables remote management capabilities, making it a frequent target for lateral movement by attackers. Because of its stealth, power, and versatility, WM…”
T1059.001 PowerShell (95%)
“to execute their attacks. This is especially true on Windows-based systems. As a defender, it’s crucial that you understand how these utilities can be used against you and the risks associated with improper management of them. What are administrative utilities? Simply put, ad…”
T1218.010 Regsvr32 (94%)
“used to execute malicious payloads or install backdoors without writing conventional malware to disk. To add insult to injury, these utilities are signed by Microsoft and are often used in development and deployment workflows, which means they’re rarely blocked and are routinel…”
T1021.001 Remote Desktop Protocol (90%)
“to enumerate users, local and domain groups, organizational units, network shares, and domain trust relationships without triggering alerts. Since this activity often mimics normal administrative behavior, it typically goes unnoticed, especially in environments that lack proper l…”
T1204.002 Malicious File (66%)
“Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security. Dale spent over 20 years working as an enterprise defender before joining Black Hills Information Security as a penetrat…”
T1078 Valid Accounts (45%)
“to enumerate users, local and domain groups, organizational units, network shares, and domain trust relationships without triggering alerts. Since this activity often mimics normal administrative behavior, it typically goes unnoticed, especially in environments that lack proper l…”
T1219 Remote Access Tools (34%)
“to enumerate users, local and domain groups, organizational units, network shares, and domain trust relationships without triggering alerts. Since this activity often mimics normal administrative behavior, it typically goes unnoticed, especially in environments that lack proper l…”
Summary
Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks.