Lateral Movement: Windows Remote Management

To achieve lateral movement, threat actors use a valid account to access remote systems through services such as Windows Remote Management. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.

Time: 1 hour 5 minutes
Difficulty: Intermediate
CEU/CPE: 1

Course Content
Campaign Overview (10m)
2.1 What is the “Remote Services: Windows Remote Management” Technique? (10m)
2.2 Detection, Validation, and Mitigation (Lab) (45m)

Course Description

Lateral Movement is the general group of techniques used to expand access to other systems and applications within a compromised environment. This course focuses on the Remote Services technique, and specifically on the Windows Remote Management sub-technique. Publicly available threat intelligence suggests that APT29 has made use of this sub-technique to run commands and launch payloads laterally on other hosts in target environments.

Windows Remote Management (“WinRM”) is a service specifically designed to enable remote interaction with another Windows system in a network. It is therefore an ideal candidate for adversaries that wish to move laterally in an environment where this service is available and where the adversary possesses access to sufficiently privileged credentials.

Learn how to detect and mitigate this technique to protect your organization from this highly sophisticated type of attack.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT29. Prevent adversaries from accomplishing the tactic of lateral movement.

Instructed By
Chris Daywalt, Security Freelancer (Instructor)
Matthew Mullins, Technical Manager, Red Team (Instructor)

Provider
Cybrary

Certificate of Completion

Complete this entire course to earn a Lateral Movement: Windows Remote Management Certificate of Completion