so.cl

CrackMapExec (CME) is a popular post-exploitation framework and penetration testing tool, and it’s frequently used in the field. Although CME is versatile and modular, it has become a target for threat actors exploiting its features for malicious purposes. For that reason, it’s important for blue teams to keep up with updates of such frameworks. With the introduction of new modules and capabilities, defenders should make sure they have detections and hunting strategies in place. Understanding Red to Be Better at Blue: Navigating New CrackMapExec Updates