Detecting APT Using Anomalous Windows Remote Management Methods and Dynamic RPC Endpoint Mapping

Blog Post created by JasonR6 on Dec 22, 2014

RSA's Incident Response Team has produced a great report entitled "Detecting APT Using Anomalous Windows Remote Management Methods and Dynamic RPC Endpoint Mapping". The paper discusses techniques attackers use to work in plain sight by exploiting common management functions. The report also does a great job of discussing techniques to help detect these tactics. Also attached is a digital appendix that includes a parser for RSA Security Analytics.
