The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Windows services associated with most common remote control tools

Description: This query looks for service names associated with the most common remote control tools that can be leveraged by attackers to maintain remote access to IT infrastructure. 

What The Data Shows:  Indicates if  AmmyAdmin, *VNC, Teamviewer or LogMein remote control tools has its service currently installed or had been operational prior.

SQL:

SELECT * from services WHERE name = 'AmmyyAdmin' OR name LIKE '%vnc%' OR name = 'TeamViewer' OR name like '%LogMeIn%';

 

 

3 Comments
jnelson
Carbon Black Employee

@jaydelcic it seems like you have LogMeIn in there twice. Can you please edit it and I will approve it? Thanks, and nice query!

jaydelcic
Contributor

Done

jnelson
Carbon Black Employee
Status changed to: Approved