How Hackers Exploit Windows Administrative Shares
ATT&CK techniques detected
T1021.002SMB/Windows Admin Shares
97%
"and execute malicious payloads on a remote victim host. this technique relies on the ability to access administrative shares. for most networks, external access via the smb protocol is blocked by the firewall. within the internal network, however, smb traffic is often unrestricte…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1021.002SMB/Windows Admin Shares
96%
"”. it should be noted that the word “ hidden ” is a bit of a misnomer. only windows hides these shares from being displayed. if you were to connect to these shares with a unix / linux / macos smb client, all “ hidden shares ” would be visible. in fact, even windows allows you to …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1021.002SMB/Windows Admin Shares
88%
"how hackers exploit windows administrative shares the huntress soc team continues to see new emotet, trickbot, and qakbot malware outbreaks within networks — regardless of antivirus, anti - spam, or firewall solutions. as a result, we ’ ve become too familiar with the hurdles msp…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Windows' administrative shares feature is often overlooked by users, but not by hackers. Learn how attackers abuse administrative shares to propagate.