Tracer

Detection of unauthorized PsExec lateral movement activity originating from workstation FORELAWKSTN001. Investigation confirmed 9 separate PsExec execution instances indicating sustained adversary activity and systematic lateral movement across the network. Adversary utilized legitimate Microsoft Sysinternals PsExec tool (Living Off The Land technique) to execute remote commands with SYSTEM privileges.