Exploitation of Remote Services (Windows)

Description

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. 

Products, Sensors, and Dependencies

| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Unauthenticated or Authenticated Scan | Any | Vulnerabilities | |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |

References

Netstat Connection Information

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Lateral Movement

Platform: Windows

Tenable Release Date: 2022 Q3