Mirrors/keyboardcrunch-sentinelone-attack-queries
1
0
Fork 0
mirror of https://github.com/keyboardcrunch/SentinelOne-ATTACK-Queries synced 2026-06-08 17:17:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e96efb030736d0921c7c85d7d8f49a39ac0cc97
keyboardcrunch-sentinelone-…/LateralMovement.md
T
@ 7e96efb030 T1563.002 RDP Hijack
2020-09-27 09:32:55 -05:00

1.0 KiB
Raw Blame History

Lateral Movement

T1550.002 Pass the Hash

Atomics: T1550.002

T1550.003 Pass the Ticket

Atomics: T1550.003

T1563.002 RDP Hijacking

Atomics: T1563.002

Detects RDS and RemoteApp session redirections for lateral movement.

SrcProcName = "tscon.exe" AND SrcProcCmdLine ContainsCIS "/dest:"

T1021.001 Remote Desktop Protocol

Atomics: T1021.001

T1021.002 SMB/Windows Admin Shares

Atomics: T1021.002

T1021.006 Windows Remote Management

Atomics: T1021.006

Reference in New Issue View Git Blame Copy Permalink