T1135Techniquediscoveryagent-callable

T1135Network Share Discovery

Platforms: macOS · Windows · Linux

ATT&CK version: 14.1

What it is

Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network. File sharing over a Windows network occurs over the SMB protocol. (Citation: Wikipedia Shared Resource) (Citation: TechNet Shared Folder) [Net](https://attack.mitre.org/software/S0039) can be used to query a remote system for available shared drives using the <code>net view \\\\remotesystem</code> command. It can also be used to query shared drives on the local system using <code>net share</code>. For macOS, the <code>sharing -l</code> command lists all shared points used for smb services.

ATT&CK tactics· 1

Discovery

References

  1. https://attack.mitre.org/techniques/T1135
  2. https://technet.microsoft.com/library/cc770880.aspx
  3. https://en.wikipedia.org/wiki/Shared_resource
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.