Detections
- Home
- - Detections
- -DT085
- ID: DT085
- Created: 25th July 2024
- Updated: 25th July 2024
- Platform: Windows
- Contributor: Ismael Briones-Vilar
Network Registry Key
In Microsoft Windows, when a subject maps a network drive persistently, a key named after the drive letter will appear in the Windows registry location HKEY_CURRENT_USER\Network\
. Each subkey under the Network key corresponds to a mapped network drive and contains information about the drive, including the network share path and the username used to connect to it.
Sections
ID | Name | Description |
---|---|---|
IF004.003 | Exfiltration via Personal NAS Device | A subject exfiltrates data using an organization-owned device (such as a laptop) by copying the data from the device to a personal Network Attached Storage (NAS) device, which is attached to a network outside of the control of the organization, such as a home network. Later, using a personal device, the subject accesses the NAS to retrieve the exfiltrated data. |