Remote System Discovery and Remote Desktop Protocol
Adversaries want to understand your environment and will use Remote System Discovery to do so. They can also leverage the same Remote Desktop Protocol (RDP) you'd use to access systems remotely. And, with the right credentials, they can move laterally through your system. Outwit them by detecting and blocking these techniques today.
Adversaries will often perform Remote System Discovery many times throughout an engagement. Each time they find themselves on a new endpoint or in a new subnet they will likely want to know more about this new location. Living off the land, using legitimate software present on the system, is a common approach that can make detection of this behavior even more difficult. Don’t let adversaries snoop around your environment unnoticed, start detecting them now.
What could be wrong with a service that allows users to connect to any machine in the entire environment remotely? The risks of RDP access in the wrong hands are seemingly obvious, but organizations continue to see adversary actions that involve this core technology. Couple this with Valid Credentials and it’s easy to see why this vector is useful for an adversary bent on accomplishing objectives on goal.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Discovery and Lateral Movement in your environment today.
Complete this entire course to earn a Remote System Discovery and Remote Desktop Protocol Certificate of Completion