all InfoSec news
DFSP # 395 - Lateral Movement and Admin Logons
Digital Forensic Survival Podcast digitalforensicsurvivalpodcast.libsyn.com
This week is on lateral movement detection techniques. Inspecting Domain Admin account logons is a key component to lateral movement triage. Admin accounts are sought after by attackers for their elevated privileges. Evidence is often left behind both on the targeted system and on the domain controller. Both these factors provide protection opportunity through Windows event log analysis. I’ll break down the method....
account accounts admin attackers controller detection domain domain admin domain controller key lateral movement privileges system techniques triage week