Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-08 09:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

T1563.002 RDP Hijack

Browse Source
This commit is contained in:
@
2020-09-27 09:32:55 -05:00
parent 177dbb3f73
commit 7e96efb030
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
LateralMovement.md
+6
View File
@@ -11,6 +11,12 @@ Atomics: [T1550.003](https://github.com/redcanaryco/atomic-red-team/blob/master/
### T1563.002 RDP Hijacking
Atomics: [T1563.002](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1563.002/T1563.002.md)
Detects RDS and RemoteApp session redirections for lateral movement.
```
SrcProcName = "tscon.exe" AND SrcProcCmdLine ContainsCIS "/dest:"
```
### T1021.001 Remote Desktop Protocol
Atomics: [T1021.001](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1021.001/T1021.001.md)