Network Share Connection Removal
https://attack.mitre.org/techniques/T1070/005/
ATT&CK ID: T1070.005
Permissions Required: Administrator | User
Description
Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation. Windows shared drive and SMB/Windows Admin Shares connections can be removed when no longer needed. Net is an example utility that can be used to remove network share connections with the net use \system\share /delete
command.
[Source]
Techniques
Net (Native)
Registry
Mitigation
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Further Reading
NET USE: https://ss64.com/nt/net-use.html
Last updated