DET0767 Detection of Exploitation of Remote Services

Technique Detected: T0866 (Exploitation of Remote Services)

Analytics

ICS

AN1899

Detecting software exploitation may be difficult depending on the tools available. Software exploits may not always succeed or may cause the exploited process to become unstable or crash, which may be recorded in the application log. Use deep packet inspection to look for artifacts of common exploit traffic, such as known payloads.

Log Sources

Mutable Elements