Got MFA? If not, Now is the Time!, (Wed, May 15th)

I had an interesting call from a client recently - they had a number of “net use” and “psexec” commands pop up on a domain controller, all called from PSEXEC (thank goodness for a good EDR deployed across the board!!).  The source IP was a VPN session.

Article Link: https://isc.sans.edu/diary/rss/30926

1 post - 1 participant

Read full topic

board call called client commands controller domain domain controller edr good may mfa pop session the source vpn