Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. A common goal for post-compromise exploitation of remote services is for lateral movement to enable access to a remote system.

Adversaries may use internal spearphishing to gain access to additional information or exploit other users within the same organization after they already have access to accounts or systems within the environment. Internal spearphishing is a multi-staged campaign where an email account is owned either by controlling the user's device with previously installed malware or by compromising the account credentials of the user. Adversaries attempt to take advantage of a trusted internal account to increase the likelihood of tricking the target into falling for the phish attempt.

Adversaries may transfer tools or other files between systems in a compromised environment. Once brought into the victim environment (i.e., Ingress Tool Transfer), files may then be copied from one system to another to stage adversary tools or other files over the course of an operation. Adversaries may copy files between internal victim systems to support lateral movement using inherent file sharing protocols such as file sharing over SMB/Windows Admin Shares to connected network shares or with authenticated connections via Remote Desktop Protocol.

Adversaries may take control of preexisting sessions with remote services to move laterally in an environment. Users may use valid credentials to log into a service specifically designed to accept remote connections, such as telnet, SSH, and RDP. When a user logs into a service, a session will be established that will allow them to maintain a continuous interaction with that service.

Adversaries may hijack a legitimate user's SSH session to move laterally within an environment. Secure Shell (SSH) is a standard means of remote access on Linux and macOS systems.