Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APTs). The adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. These can be used in turn for compromise of additional systems, privilege escalation, or stealing more valuable credentials. This type of attack may ultimately give access to the Domain Controller and provide full control of a Windows-based infrastructure or business-related operator accounts.
This white-paper provides guidelines to detect the lateral movements exploiting NTLM and Kerberos protocols in a Windows Vista / 7 and 2008 based environment. Windows 10 introduces many additional security mechanisms, and hence CERT-EU is planning to release a separate white-paper regarding lateral movement detection on Windows 10.
-
volatility-wnf: Browse and dump Windows Notification Facilities
This Volatility plugin is based on work of Alex Ionescu and Gabrielle Viala. https://blog.… -
Learning Android Forensics, 2nd Edition has been released
The 2nd edition of Learning Android Forensics by Oleg Skulkin, Donnie Tindal and Rohit Tam… -
yara_tools: Create YARA Rules In Python
Michael Matonis has written a library that helps security researchers create simple or com…
Load More Related Articles
-
Successful Insider Threat Investigations
No two insider threat investigations are ever the same—but a standardized process can help… -
Whitepaper: Acquiring and Parsing Data from iOS 11 Devices
Over its last few releases, Apple’s iOS—the operating system running on iPhones, iPads, an… -
Comments on “Windows Registry Forensic Tool Specification”
Maxim Suhanov has published his comments on NIST’s “Windows Registry Forensic Tool S…
Load More In White Papers
