Clankerusecase
MITRE ATT&CK detection coverage
 ← Back to main site
Home/ MITRE Matrix/ Lateral Movement/ T1021.006

T1021.006Windows Remote Management

T1021.006 — Windows Remote Management is a MITRE ATT&CK technique in the Lateral Movement tactic. Clankerusecase tracks 9 detection use cases covering it.

Lateral Movement
View on the matrix → Filter Detection Library MITRE official spec ↗
9Use cases
0Articles
0Sub-techniques
1Tactic
↑ Parent technique: T1021 · Remote Services

Use cases covering this technique (9)

Interactive Session on Remote Endpoint with PowerShell ESCU actions · alerting P Possible Lateral Movement PowerShell Spawn ESCU actions · hunting P Powershell Remote Services Add TrustedHost ESCU actions · alerting P Remote Process Instantiation via WinRM and PowerShell ESCU actions · alerting P Remote Process Instantiation via WinRM and PowerShell Script Block ESCU actions · alerting P Remote Process Instantiation via WinRM and Winrs ESCU actions · alerting P Windows Remote Host Computer Management Access ESCU actions · hunting P Windows Remote Management Execute Shell ESCU actions · hunting P Wsmprovhost LOLBAS Execution Process Spawn ESCU actions · alerting P