DETECTION OVERVIEW

Network Share Enumeration Attempt

Risk Factors

Enumeration is a simple but important step taken by attackers after an initial network compromise. Reconnaissance tools such as Bloodhound make enumeration relatively easy to perform. Enumeration activity typically does not negatively affect network performance, but attackers can leverage this information to find new targets in an attack campaign.

The system might change the risk score for this detection.

Kill Chain

Reconnaissance

Risk Score

Attack Background

After infiltrating a network, an attacker typically looks for high-value targets. File shares might contain valuable information for an attacker to exfiltrate or leverage in subsequent attacks. One approach for enumerating file share names is to send Microsoft remote procedure call (MSRPC) queries to the Microsoft Server Service Remote Protocol (MS-SRVS) interface.

Mitigation Options

Monitor and investigate unusual activity quickly to minimize potential damage

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases