Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Enumeration often follows reconnaissance scans and can easily be done with common scanners, pen testing tools, or hacking tools. With a list of file share names, attackers have the exact locations for new attack vectors, which could lead to privilege escalation and data exfiltration from shares that contain sensitive files.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
Enumeration is the process of connecting to a system and obtaining information about file shares, directories, and accounts. Before an attacker can gain unauthorized access to a network share, they must find the name of a valid file share, such as \backup. By sending requests for possible share file names to a file server, an attacker can see which requests were denied as an invalid share name. Valid shares send a response that deny access. An attacker can then focus on compromising the file share to potentially spread malware or copy important files to their machine for exfiltration.
Disable anonymous (null) file share access
Restrict file share access to authorized users only
Restrict access to SMB server port 445 for authorized IP addresses with a firewall
