Somashekarappa, Nikhil (2021) How to detect lateral movement in the Windows operating system? Masters thesis, Dublin, National College of Ireland.
PDF (Master of Science), 2MB
PDF (Configuration manual), 1MB
Abstract
In advanced persistent threat (APT) attacks on businesses, lateral movement (LM) is one of the most significant phases. Attackers employ lateral movement to extend their access across the network while remaining undetected. If not recognized early enough, lateral movement attacks can be highly dangerous. The purpose of this research is to examine lateral movement detection techniques in the Windows operating system. To identify lateral movement, Windows event log monitoring and analysis methods are used. This research project examines the two most common lateral movement attack techniques: pass-the-hash and pass-the-ticket. Windows Server security event logs are used as the input source for the application. The project proposes an alert-triggering system that monitors Windows logs for signs of lateral movement. The proposed monitoring system achieved the desired efficiency and output.
| Field | Value |
|---|---|
| Item Type: | Thesis (Masters) |
| Uncontrolled Keywords: | Lateral movement; Cyber security; intrusion; monitoring; alert triggering; security-auditing |
| Subjects: | Q Science > QA Mathematics > Electronic computers. Computer science; T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science; Q Science > QA Mathematics > Computer software > Computer Security; T Technology > T Technology (General) > Information Technology > Computer software > Computer Security |
| Divisions: | School of Computing > Master of Science in Cyber Security |
| Depositing User: | Tamara Malone |
| Date Deposited: | 05 Jan 2023 15:46 |
| Last Modified: | 05 Jan 2023 15:46 |
| URI: | https://norma.ncirl.ie/id/eprint/6063 |