Source |
CrowdStrike |
Identifier |
6769150 |
Publication date |
2022-08-31 12:20:15 (seen: 2022-09-07 16:06:59) |
Title |
Defense Against the Lateral Arts: Detecting and Preventing Impacket's Wmiexec |
Text |
Impacket, an open source collection of Python modules for manipulating network protocols, contains several tools for remote service execution, Windows credential dumping, packet sniffing and Kerberos manipulation. CrowdStrike Services has seen an increased use of Impacket's wmiexec module, primarily by ransomware and eCrime groups. Wmiexec leaves behind valuable forensic artifacts that will help defenders detect […] |
Sent |
Yes |
Tags |
Ransomware
|