APT Lateral Movement via Remote Administrative Protocols

Detects APT lateral movement using remote administration protocols (SMB, WMI, WinRM) initiated from command-line tools on end-user hosts. Correlates administrative processes with outbound connections to management ports.