Lateral Movement: Windows Remote Management
Course Content
Lateral Movement is the general group of techniques used to expand access to other systems and applications within a compromised environment. This course focuses on the Remote Services technique, and specifically on its Windows Remote Management sub-technique. Publicly available threat intelligence suggests that APT29 has made use of this sub-technique to run commands and launch payloads laterally on other hosts in target environments.
Windows Remote Management (“WinRM”) is a service specifically designed to enable remote interaction with another Windows system in a network. It is therefore an ideal candidate for adversaries who wish to move laterally in an environment where this service is available and where they possess sufficiently privileged credentials.
Learn how to detect and mitigate this technique to protect your organization from this highly sophisticated type of attack.
Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT29. Prevent adversaries from accomplishing the tactic of lateral movement.