SMB.Psexec.Detection
Description
This indicates the detection of attacks using Metasploit psexec module, which uses a valid administrator username and password to upload arbitrary executable and create a new service using it.
Affected Products
Any Windows system
Impact
System Compromise: Remote attackers can execute arbitrary code within the context of the application.
Recommended Actions
The signature's action can be set to "Block" to prevent this attack.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |