by rolph
1123 days ago
summary pgh 3 [One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the
land, which uses built-in network administration tools to perform their objectives. This
TTP allows the actor to evade detection by blending in with normal Windows system
and network activities, avoid endpoint detection and response (EDR) products that
would alert on the introduction of third-party applications to the host, and limit the
amount of activity that is captured in default logging configurations. Some of the built-in
tools this actor uses are: wmic, ntdsutil, netsh, and PowerShell.]