Kevin Beaumont on Nostr: Unfortunately my toot on this from a few weeks ago deleted, but it's pretty ...
Unfortunately my toot on this from a few weeks ago got deleted, but it's pretty important.
DeepInstinct published research (and a PoC) for a technique called DCOM Upload & Execute. It allows lateral movement and code execution on Windows using built-in APIs, so you don't need psexec.
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
Vendors should add robust detection for this. I fully expect crimeware groups to use it, as it avoids psexec blocking etc.
Tried with MDE today, zero detections still.