RSA's Incident Response Team has produced a great report entitled "Detecting APT Using Anomalous Windows Remote Management Methods and Dynamic RPC Endpoint Mapping". The paper discusses techniques attackers use to work in plain sight by exploiting common management functions, and it does a great job of covering techniques that help detect these tactics. Also attached is a digital appendix that includes a parser for RSA Security Analytics.