Using Suricata to detect lateral movement in Windows environment
| Action | Key |
|---|---|
| Play / Pause | K or space |
| Mute / Unmute | M |
| Toggle fullscreen mode | F |
| Select next subtitles | C |
| Select next audio track | A |
| Show slide in full page or toggle automatic source change | V |
| Seek 5s backward | left arrow |
| Seek 5s forward | right arrow |
| Seek 10s backward | shift + left arrow or J |
| Seek 10s forward | shift + right arrow or L |
| Seek 60s backward | control + left arrow |
| Seek 60s forward | control + right arrow |
| Decrease volume | shift + down arrow |
| Increase volume | shift + up arrow |
| Decrease playback rate | < |
| Increase playback rate | > |
| Seek to end | end |
| Seek to beginning | beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamWhen subscribed to notifications, an email will be sent to you for all added annotations.
Your user account has no email address.
Information on this media
Suricata can be used to provide visibility and build detection of lateral movement in Windows environment using dedicated signatures or analysis of network security monitoring data. The talk will provide practical methods to increase visibility and provide detection of attacks.
This talk will describe how Suricata IDS and NSM features can be used to detect lateral movement in Windows based environments. The focus will be made on SMB based attacks (including Red Team Tooling) as with a specific attention on DCERPC layer of SMB but data extracted from protocols such as Kerberos will also be looked at.
The talk will include a presentation of the free SMB lateral ruleset published by Stamus Networks . It will show some practical hunting techniques that can be used when working with SMB protocol.
Éric has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. He has worked on the development of Suricata – the open source network threat detection engine – since 2009, is a board member of OISF, and was a member of the Netfilter Core Team for the Linux kernel's firewall layer.
Other media in the channel "2023"
106 views, 10 this yearWhy cyberoffense will never be regulatedJuly 5th, 2023
123 views, 30 this year, 10 this monthDecrypt Kerberos/NTLM “encrypted stub data” in WiresharkJuly 5th, 2023
17 views, 2 this yearHow to survive to STIX parsing?July 5th, 2023
19 views, 6 this yearASN.1 templating for fun and profitJuly 5th, 2023
7 views, 2 this yearzekrom: an open-source library of arithmetization-oriented constructions for zkSNARK circuitsJuly 5th, 2023
49 views, 12 this year, 2 this monthPHP filter chains: How to use itJuly 5th, 2023