Exploitation of Remote Services (T1210)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Exploitation of Remote Services

Associated Tactics

  • Lateral Movement

Lateral Movement (TA0008)

The adversary is trying to move through your environment. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.

View on ATT&CK

Procedure Examples

Description Source(s)
CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018. CIS Multiple SMB Vulnerabilities
National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018. NVD CVE-2017-0176
National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. Retrieved April 3, 2018. NVD CVE-2016-6662
National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018. NVD CVE-2014-7169