
PsExec


PsExec is a command-line tool from the Microsoft Sysinternals suite that enables remote command execution on Windows systems. Administrators use it for remote maintenance and diagnostics. Attackers frequently leverage PsExec for lateral movement within a compromised network, since it is available on many Windows systems and requires no additional software installation. PsExec transfers commands via SMB shares and creates temporary services on the target system. In your SIEM, you should monitor for unexpected service creation and PsExec usage. Restrict SMB access between workstations to limit exploitation opportunities.
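One way to implement the SIEM monitoring suggested above, as an added example that is not part of the original entry: it correlates Service Control Manager event 7045 (service installed) for PsExec's default `PSEXESVC` service with the preceding network logon (Security event 4624, logon type 3) on the same host, and alerts when the source is not an approved admin host. The event field names, the approved-source list and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: hosts from which remote administration is expected (hypothetical).
APPROVED_ADMIN_SOURCES = {"10.0.5.10"}
WINDOW = timedelta(seconds=60)  # max gap between network logon and service install

# Constructed sample events (not real logs); field names are hypothetical,
# shaped like normalised Windows Security 4624 and System 7045 records.
EVENTS = [
    {"time": "2024-05-01T09:00:02", "host": "WS-014", "event_id": 4624,
     "logon_type": 3, "user": "svc-admin", "src_ip": "10.0.5.10"},
    {"time": "2024-05-01T09:00:03", "host": "WS-014", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-05-01T11:42:10", "host": "WS-022", "event_id": 4624,
     "logon_type": 3, "user": "jdoe", "src_ip": "10.0.8.77"},
    {"time": "2024-05-01T11:42:11", "host": "WS-022", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-05-01T13:15:00", "host": "WS-030", "event_id": 7045,
     "service_name": "PrintDriverSvc", "image_path": r"C:\Program Files\Vendor\pd.exe"},
]

def is_psexec_service(ev):
    # Matches PsExec's default service name and binary only; other unexpected
    # service installs need a per-environment baseline.
    name = ev.get("service_name", "").lower()
    image = ev.get("image_path", "").lower().replace("/", "\\")
    return name == "psexesvc" or image.rsplit("\\", 1)[-1] == "psexesvc.exe"

def detect(events, approved=APPROVED_ADMIN_SOURCES, window=WINDOW):
    alerts, last_logon = [], {}  # last_logon: host -> (time, src_ip, user)
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4624 and ev.get("logon_type") == 3:
            last_logon[ev["host"]] = (t, ev["src_ip"], ev["user"])
        elif ev["event_id"] == 7045 and is_psexec_service(ev):
            seen = last_logon.get(ev["host"])
            # Attribute the install to a logon only if it is recent enough.
            src, user = seen[1:] if seen and t - seen[0] <= window else (None, None)
            if src not in approved:  # unknown source (None) also alerts
                alerts.append({"host": ev["host"], "time": ev["time"],
                               "src_ip": src, "user": user})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("PsExec service from unapproved source:", alert)
```

On the sample data only the install on WS-022 alerts, because its preceding network logon came from a host outside the approved list.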