Monday 06 July 2026 01:31:01 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Remote Management and Monitoring

Legitimate admin tools that attackers sometimes abuse for access or control.

Remote Management and Monitoring (RMM) refers to legitimate admin software used by IT teams and managed service providers to remotely access endpoints, deploy updates, run scripts, and monitor system health. Examples include tools for remote desktop, asset inventory, patching, and unattended support. In normal operations, RMM reduces manual work and helps teams respond quickly.

In cyber security, RMM matters because attackers often abuse trusted administration tools instead of dropping obvious malware. If they gain credentials, they can install or repurpose RMM software to maintain access, move laterally, exfiltrate data, or control systems while blending in with normal support activity. Defenders look for unusual installs, new admin consoles, suspicious remote sessions, and RMM traffic from unexpected hosts or accounts. Allowlisting approved tools, enforcing strong authentication, and monitoring for unauthorized use help reduce this risk.

← WIKICROOK index