
Insights from Dropping Remote Access Tools (RATs)
Tags: Cybersecurity, Remote Access Tools, RAT, Post-Exploitation, Horizon3, Credentials, Vulnerabilities, SMB, SSH
The post discusses the results of an analysis of Remote Access Tools (RATs) and post-exploitation by the Horizon3 attack team. It highlights that the majority of RAT installation attempts use credentials rather than exploiting vulnerabilities. Credential-based methods for deploying the NodeZero RAT face less scrutiny from security systems. The most common RAT installation attempts are based on SMB and SSH.