NORMA eResearch @NCI Library

How to detect lateral movement in the Windows operating system?

Somashekarappa, Nikhil (2021) How to detect lateral movement in the Windows operating system? Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
PDF (Master of Science)
Download (2MB) | Preview
[thumbnail of Configuration manual]
PDF (Configuration manual)
Download (1MB) | Preview


In advance persistent threat (APT) attacks on businesses, lateral movement (LM) is one of the most significant phases. The attackers employ lateral movement to get network access while remaining undetected. If not recognized early enough, lateral movement attacks can be highly dangerous. The purpose of this research is to look at lateral movement detection techniques in the Windows operating system. To identify the lateral movement, the windows event log monitoring and analysis methods are utilized. The following research project examines the two most common lateral movement attack techniques: pass-the-hash and pass-the-ticket. Windows server security event logs are used as the input source for the application. The project proposes an alert triggering system by monitoring windows logs in case of lateral movement. The monitoring system proposed has achieved the desired efficiency and output.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Lateral movement; Cyber security; intrusion; monitoring; alert triggering; security-auditing
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 05 Jan 2023 15:46
Last Modified: 05 Jan 2023 15:46

Actions (login required)

View Item View Item