Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
An attacker can acquire legitimate account credentials through brute force or other techniques. With these credentials, the attacker can take advantage of the privilege levels associated with the account to access files. If sensitive files are not properly configured with the appropriate permissions, an attacker might gain unauthorized access with stolen credentials.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
The SMB protocol grants user-level access to file shares based on a username and password. With stolen user credentials, an attacker can attempt to access file servers and shares. Likewise, an employee might also try to gain unauthorized access to a file server with their restricted credentials. By sending SMB session requests from various accounts, the attacker can discover which file servers are available to each user. An attacker can then leverage higher-privileged accounts to accomplish the later steps of their attack.
