Detecting Lateral Movement through Tracking Event Logs (Version 2) Logo

Detecting Lateral Movement through Tracking Event Logs (Version 2)

0
Free
Visit Website

This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. Updated Contents: This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. While the previous report mainly focused on investigation on event logs and registry entries, this updated report also covers other types of logs and files that are created during lateral movement. The report includes analysis results of various tools and commands that are likely used by attackers in lateral movement, and provides information on how to identify and analyze these tools and commands. The report is intended for incident responders, security analysts, and other professionals who are involved in incident response and incident investigation.

FEATURES

ALTERNATIVES

Enhances Windows OS security through system modifications and settings adjustments.

A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.

Tool to bypass endpoint solutions blocking known 'malicious' signed applications by obtaining valid signed files with different hashes.

A DevSecOps command line asset inventory tool

TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.

Scumblr is a web application for periodic syncs of data sources and security analysis to streamline proactive security.

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

Detect signed malware and track stolen code-signing certificates using osquery.

PINNED