T1133 Persistence External Remote Services - CraigDonkin/Infrastructure GitHub Wiki
T1133 - Persistence External Remote Services
- VPNs/Citrix
- OWA
- Connect to internal enterprise resources
- Scan external infrastructure for services
- TCP/3389 - RDP
- TCP/443/80/8080/8443 - Typically used by web based remote access services
- TCP/5900 - VNC
- TCP/5985/5986 - WINRM
- UDP/500 - IKE
- Do they use 2FA?
- Try Compromised Credentials
- Look for credentials in password dumps etc.
⚠️ **GitHub.com Fallback** ⚠️