Lateral movement techniques are widely used in sophisticated cyber-attacks, particularly in Advanced Persistent Threats (APTs). The adversary uses these techniques to reach other hosts from a compromised system and gain access to sensitive resources such as mailboxes, shared folders, or credentials. These can in turn be used to compromise additional systems, escalate privileges, or steal more valuable credentials. This type of attack may ultimately give access to the Domain Controller and provide full control of a Windows-based infrastructure, or of business-related operator accounts.
This white paper provides guidelines for detecting lateral movement that exploits the NTLM and Kerberos protocols in a Windows Vista / 7 and 2008 based environment. Windows 10 introduces many additional security mechanisms, and hence CERT-EU is planning to release a separate white paper on lateral movement detection on Windows 10.