Windows Network Enumeration¶

Identifies attempts to enumerate hosts in a network using the built-in Windows net.exe tool.

id:	b8a94d2f-dc75-4630-9d73-1edc6bd26fff
categories:	detect
confidence:	low
os:	windows
created:	11/30/2018
updated:	11/30/2018

MITRE ATT&CK™ Mapping¶

tactics:	Discovery
techniques:	T1018 Remote System Discovery

Query¶

process where subtype.create and
    process_name == "net.exe" and command_line == "* view*" and command_line != "*\\\\*"

Detonation¶

Atomic Red Team: T1018

Contributors¶

Endgame

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.