DFSP # 411 - NTLM Credential Validation

This week I'm talking about detecting evidence of lateral movement on Window systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advantage of being concentrated on domain controllers, which allows you, as the analyst, leverage a great resource for user account analysis. I will have the background, artifact breakdown, and triage strategy coming up right after this…..

account analysis analyst controllers credential domain domain controllers events great kerberos lateral movement ntlm offer resource systems talking validation week window