WSUS Abuse for Lateral Movement and RCE (FDR)
Detects anomalous use of wuauclt and WSUS-related processes pointing to non-Microsoft servers, indicative of CVE-2025-59287 exploitation or WSUS hijacking techniques for lateral movement
Detects anomalous use of wuauclt and WSUS-related processes pointing to non-Microsoft servers, indicative of CVE-2025-59287 exploitation or WSUS hijacking techniques for lateral movement