Track Common Adversary Tasks Performed Using PsExec

To know more about it, you can go through my detailed document by clicking here
PsExec

PsExec is a free Microsoft tool that executes processes on other systems with full interactivity, without any client software having to be installed on them manually. That convenience is why it is widely used by both IT administrators and attackers.

Its versatility and ease of use also make it popular among Windows administrators for remote command execution.

Prerequisites

These include:
  1. PsExec is a Windows-only solution that works between Windows computers.
  2. A Windows host is required to connect to the target Windows host.
  3. The Admin share must be available on the target Windows system.
  4. Network connectivity must exist between the host you run PsExec on and the target computer you want to manage.

How does PsExec work?

Its workflow is as follows:
  1. First, it extracts an embedded Windows service called Psexesvc from its executable image.
  2. This service is then copied to the Admin share of the remote system.
  3. The Windows Service Control Manager API is used to gain remote access to the target computer.
  4. The Psexesvc service is started on the remote system.
  5. The remote executable you specified is launched with the options you supplied.
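Each of those steps leaves a matching trace on the target: a file written to the Admin share, a service installation, and a process spawned by that service. As an added example that is not part of the original post, the Python below correlates those three traces per host from constructed event records; the event IDs are the real Windows ones, while the flattened field names and the sample values are assumptions standing in for what a log pipeline would extract.

```python
import re
from collections import defaultdict

# Real Windows event IDs: 5145 = network share object accessed (Security log),
# 7045 = a service was installed (System log), 4688 = new process created (Security log).
# The flattened field names (host, ts, share, target, ...) are an assumption standing
# in for the XML fields a real log pipeline would extract.
ADMIN_SHARE_RE = re.compile(r"\\\\.+\\ADMIN\$$", re.I)  # matches share names such as \\*\ADMIN$
SERVICE_RE = re.compile(r"^PSEXESVC$", re.I)            # default name; a service renamed with -r evades this

def detect_psexec(events):
    """Return one finding per host that shows the full PsExec chain, in time order:
    PSEXESVC.exe written to ADMIN$ -> PSEXESVC service installed -> child process
    of PSEXESVC.exe started. Partial or out-of-order chains are not reported."""
    chains = defaultdict(dict)  # host -> {"copy": ev, "install": ev, "launch": ev}
    for ev in sorted(events, key=lambda e: e["ts"]):
        c = chains[ev["host"]]
        if (ev["id"] == 5145 and ADMIN_SHARE_RE.match(ev.get("share", ""))
                and ev.get("target", "").lower().endswith("psexesvc.exe")):
            c["copy"] = ev
        elif ev["id"] == 7045 and "copy" in c and SERVICE_RE.match(ev.get("service", "")):
            c["install"] = ev
        elif (ev["id"] == 4688 and "install" in c
                and ev.get("parent", "").lower().endswith("psexesvc.exe")):
            c["launch"] = ev
    return [{"host": host, "source_ip": c["copy"]["source_ip"], "command": c["launch"]["command"]}
            for host, c in chains.items() if "launch" in c]

# Constructed sample records (not real telemetry): WS01 shows the complete chain,
# WS02 only a service install, which on its own does not raise a finding.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "WS01", "id": 5145, "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe", "source_ip": "10.0.0.5"},
    {"ts": 2, "host": "WS01", "id": 7045, "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"ts": 3, "host": "WS01", "id": 4688, "parent": r"C:\Windows\PSEXESVC.exe", "command": "cmd.exe /c ipconfig"},
    {"ts": 4, "host": "WS02", "id": 7045, "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
]

if __name__ == "__main__":
    for f in detect_psexec(SAMPLE_EVENTS):
        print(f"PsExec chain on {f['host']} from {f['source_ip']}: {f['command']}")
```

Requiring the whole chain keeps a lone 7045 from legitimate administration from firing; a renamed service or a tool that mimics PsExec's behaviour with a different binary name needs a broader rule.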

How to use PsExec?

The command can be used in many ways, for example:
  • Running a specific remote command on a single computer.
  • Running a generic command prompt or PowerShell prompt on a remote computer.
  • Running a remote command against multiple computers.
  • Reading the list of target computers from a file.
  • Launching programs remotely and interactively, and more.

Conclusion

PsExec is a powerful tool that lets IT admins easily connect to remote Windows hosts and issue commands on them. That same power is why organizations hesitate to whitelist PsExec and other command-line tools globally: they can just as easily be used for malicious purposes. The best approach is to allow PsExec on as few workstations as possible, which reduces the attack surface if a compromise does occur.
