Detections
Analytics
Exploitation of Remote Services (Windows)
Description
Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Unauthenticated or Authenticated Scan | Any | Vulnerabilities | |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Lateral Movement
Technique: Exploitation of Remote Services
Sub-Technique: Exploitation of Remote Services
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q3