T1021: Remote Services

Adversaries may use Valid Accounts to log into a service specifically designed to accept remote connections, such as telnet, SSH, and VNC. The adversary may then perform actions as the logged-on user.

In an enterprise environments, servers and workstations can be organized into domains. Domain provide centralized identity management, allowing users to login using one set of credentials across the entire network. If an adversary is able to obtain a set of valid credentials, they could login to many different machines using remote access protocols such as secure shell(SSH) or remote desktop protocol (RDP).

Last updated