Naziv
|
Identify Shared Files/Directories on System
|
Sažetak
|
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
|
Preduvjeti
|
The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).
|
Rješenja
|
Identify unnecessary system utilities or potentially malicious software that may contain functionality to identify network share information, and audit and/or block them by using allowlist tools.
|