Detecting Lateral Movement through Tracking Event Logs (Version 2)
This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. Updated Contents: This report is intended for incident investigation and explains what logs are recorded and what files are created upon execution of tools/commands that are often used in lateral movement. While the previous report mainly focused on investigation on event logs and registry entries, this updated report also covers other types of logs and files that are created during lateral movement. The report includes analysis results of various tools and commands that are likely used by attackers in lateral movement, and provides information on how to identify and analyze these tools and commands. The report is intended for incident responders, security analysts, and other professionals who are involved in incident response and incident investigation.
FEATURES
SIMILAR TOOLS
A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades.
Open source application to instantly remediate common security issues through the use of AWS Config.
WithSecure Elements Cloud is a modular cybersecurity platform that combines AI-powered software and expert services to provide comprehensive protection across endpoints, identities, and cloud environments.
A Live Response collection script for Incident Response that automates the collection of artifacts from various Unix-like operating systems.
An enterprise cybersecurity platform that unifies endpoint, cloud, and identity security through an integrated data lake architecture with AI-powered analysis capabilities.
WALKOFF is an automation framework for integrating capabilities and devices to streamline tasks.
Anomali is an AI-Powered Security Operations Platform that delivers speed, scale, and performance at a reduced cost, combining ETL, SIEM, XDR, SOAR, and TIP to detect, investigate, respond, and remediate threats.
Catalyst is a SOAR system that automates alert handling and incident response processes, adapting to your workflows and being open source.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.