
Cortex XDR Remote account enumeration


Hello,

Today we have an interesting alert:

 

At least 33 distinct non-existing accounts failed to remotely log in to XX-Laptop1. Users list: name.user, user name, user.name, username

 

The user has no idea - they were at school all day, behind NAT. What I cannot really understand is how terminal service can be used when the user is behind NAT and there is no port forwarding or any kind of redirect.

Any idea what to check next?

 

The src. IP addresses look OK via VirusTotal:

95.143.188.128
95.143.188.126
95.143.188.122
95.143.188.129
