Blog | G5 Cyber Security

Failure to Detect Privilege Escalation by Common Monitoring Tools

Microsoft Sysinternal suite is commonly used by digital forensics and incident response teams as a cheap and easy-use approach for incident investigation and forensics in Windows systems. Cybereason Research Lab found that commonly used traditional Microsoft monitoring tools miss common attacker behavior such as privilege escalation. Privilege escalation is a commonly used technique by hackers that was believed to be used in the Home Depot breach. It is important for Incident Investigation and SOC teams to be aware of common tools limitations in capturing such common behavior.”]

Source: https://informationsecuritybuzz.com/news/failure-detect-privilege-escalation-common-monitoring-tools/

Exit mobile version