Exclude admin tools with a scalpel, not a sledgehammer | SC Media


November 20, 2021
  • PsExec – "…a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems."
  • PsKill – can "kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process."
  • Process Hacker – a process and resource monitoring tool that is often used to terminate security and logging software.
  • AnyDesk/TeamViewer/RDPWrap – or any tool designed for remote access, especially over the internet, can be used by a threat actor just as readily as by an administrator.
  • GMER – built as an anti-rootkit tool; threat actors leverage its capabilities to 'unhook' security processes.
  • 7-Zip/GZip/WinRAR – compression tools are used by adversaries to combine, shrink and exfiltrate your data, usually for extortion.
  • NirSoft tools – a collection of utilities for password recovery, software uninstallation, and running command-line tools without displaying a user interface.
  • IObit – has powerful uninstallation capabilities and is often used to remove security software.
  • ProcDump – a debugging tool that can dump process memory to disk, allowing a threat actor to expose in-memory data such as credentials.
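The list above is exactly the kind of software that gets a blanket "exclude by file name" rule, which is the sledgehammer the headline warns against. The following script is an added example (not the article's code and not from any vendor) that triages constructed, Sysmon-style process-creation records against that tool list in two ways: a name-only exclusion, and a narrow exclusion keyed on the binary's hash plus the host, user and command line it is expected from. All hashes, host names, user names, paths and the `Exclusion` structure are made up for the illustration.

```python
"""Scalpel vs. sledgehammer exclusions for dual-use admin tools.

Added example, not part of the SC Media article. Every hash, host, user
and path below is constructed; field names follow Sysmon Event ID 1
(Image, OriginalFileName, SHA256, Computer, User, CommandLine).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Tool binary -> how the article says adversaries use it.
DUAL_USE_TOOLS = {
    "psexec.exe": "remote execution without installing a client",
    "pskill.exe": "remote process termination",
    "processhacker.exe": "terminating security and logging software",
    "anydesk.exe": "remote access",
    "teamviewer.exe": "remote access",
    "rdpwrap.exe": "remote access",
    "gmer.exe": "unhooking security processes",
    "7z.exe": "staging data for exfiltration",
    "gzip.exe": "staging data for exfiltration",
    "winrar.exe": "staging data for exfiltration",
    "iobituninstaller.exe": "removing security software",
    "procdump.exe": "dumping process memory (credentials)",
}


@dataclass(frozen=True)
class Exclusion:
    """An empty field means 'do not check it'; a name-only rule is the sledgehammer."""
    image: str                          # tool basename the rule applies to
    sha256: str = ""                    # exact binary, so a renamed or trojaned copy fails
    hosts: frozenset = frozenset()      # hosts the tool is legitimately run from
    users: frozenset = frozenset()      # accounts allowed to run it
    cmdline_deny: Optional[str] = None  # regex that re-enables the alert despite a match


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def known_tool(event: dict) -> Optional[str]:
    """Match on the on-disk name and on the PE original file name, so a
    PsExec copied to svchost.exe is still recognised (constructed field values)."""
    for name in (_basename(event["Image"]), event.get("OriginalFileName", "").lower()):
        if name in DUAL_USE_TOOLS:
            return name
    return None


def triage(event: dict, exclusions) -> tuple:
    """Return (verdict, reason): 'ignore', 'allow' or 'alert'."""
    tool = known_tool(event)
    if tool is None:
        return ("ignore", "not a tracked dual-use tool")
    for ex in exclusions:
        if ex.image != tool:
            continue
        if ex.sha256 and ex.sha256 != event["SHA256"].lower():
            continue                      # same name, different binary: not excluded
        if ex.hosts and event["Computer"] not in ex.hosts:
            continue
        if ex.users and event["User"] not in ex.users:
            continue
        if ex.cmdline_deny and re.search(ex.cmdline_deny, event["CommandLine"], re.I):
            return ("alert", f"{tool}: excluded binary used with denied arguments")
        return ("allow", f"{tool}: matches narrow exclusion")
    return ("alert", f"{tool}: {DUAL_USE_TOOLS[tool]} outside any exclusion")


# Constructed hashes (not real PsExec/ProcDump digests).
PSEXEC_SHA = "a1" * 32
PROCDUMP_SHA = "b2" * 32

SCALPEL = [
    Exclusion("psexec.exe", sha256=PSEXEC_SHA,
              hosts=frozenset({"JUMP01"}), users=frozenset({r"CORP\svc-deploy"})),
    Exclusion("procdump.exe", sha256=PROCDUMP_SHA,
              hosts=frozenset({"DEV01"}), users=frozenset({r"CORP\dev-lead"}),
              cmdline_deny=r"lsass"),       # a dev box may debug its own app, never lsass
]
SLEDGEHAMMER = [Exclusion("psexec.exe"), Exclusion("procdump.exe")]

# Constructed events: legitimate deploy, lateral movement, renamed copy, lsass dump, noise.
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\PsExec.exe", "OriginalFileName": "psexec.exe", "SHA256": PSEXEC_SHA,
     "Computer": "JUMP01", "User": r"CORP\svc-deploy", "CommandLine": r"PsExec.exe \\fs01 -s cmd /c gpupdate"},
    {"Image": r"C:\Tools\PsExec.exe", "OriginalFileName": "psexec.exe", "SHA256": PSEXEC_SHA,
     "Computer": "WS-042", "User": r"CORP\jdoe", "CommandLine": r"PsExec.exe \\dc01 -s cmd"},
    {"Image": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe", "OriginalFileName": "psexec.exe",
     "SHA256": "c3" * 32, "Computer": "WS-042", "User": r"CORP\jdoe", "CommandLine": r"svchost.exe \\dc01 cmd"},
    {"Image": r"C:\Tools\procdump.exe", "OriginalFileName": "procdump.exe", "SHA256": PROCDUMP_SHA,
     "Computer": "DEV01", "User": r"CORP\dev-lead", "CommandLine": "procdump.exe -ma lsass.exe out.dmp"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "notepad.exe", "SHA256": "d4" * 32,
     "Computer": "WS-042", "User": r"CORP\jdoe", "CommandLine": "notepad.exe notes.txt"},
]


def run(exclusions) -> list:
    """Verdict per sample event under the given exclusion set."""
    return [triage(e, exclusions)[0] for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for label, rules in (("scalpel", SCALPEL), ("sledgehammer", SLEDGEHAMMER)):
        print(label, run(rules))
```

Under the scalpel rules only the deployment from the jump host is suppressed; PsExec on a workstation, the renamed copy with a different hash, and the lsass dump all still alert. Under the name-only rules all four of those are silently allowed, which is the cost of the sledgehammer. In a real deployment the exclusion table would be generated from the tooling inventory and the hash field taken from the same telemetry source the rule is applied to, so that an attacker's copy of the tool cannot inherit the administrator's exception.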