Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Gaining access to the administrative file shares on multiple devices can be difficult because an attacker must first acquire domain-level administrator privileges. After the attacker has these privileges, they can easily transfer malicious payloads and compromise multiple devices on the network.
Kill Chain
Risk Score
78
After an attacker compromises a workstation, the attacker searches for new targets on the network. Ideally, the compromised workstation has credentials that provide the attacker with administrative access to a new target. With administrative access, the attacker can transfer an executable file to a default file share (such as ADMIN$ or C$) on the target. After the malicious payload from the file runs (through the actions of the attacker or the victim), the attacker can move laterally to the newly compromised device to conduct more attacks.
