Threat Hunting the Shadows: Detecting Adversary Lateral Movement With Elasticsearch
Blog Article
This research investigates the elusive tactic of lateral movement employed by adversaries within a compromised network. The focus is on identifying the mechanisms and techniques used for lateral movement, with a particular emphasis on credential access. The study leverages a custom-designed Security Information and Event Management (SIEM) system built upon Elasticsearch, coupled with KQL (Kibana Query Language) and Lucene search queries.
Employing a realistic dataset, the research simulates an adversary's TTPs (Tactics, Techniques, and Procedures) to examine the critical area of credential access in depth. This approach allows for the identification of indicators of compromise (IoCs) and the construction of targeted search queries to uncover signs and traces of lateral movement within the simulated environment. The findings contribute insights into detection methodologies and highlight the effectiveness of a SIEM system, in conjunction with advanced search functionality, for proactively countering lateral movement attempts.