Using Suricata to detect lateral movement in Windows environment
Key | Action |
---|---|
K or space | Play / Pause |
M | Mute / Unmute |
C | Select next subtitles |
A | Select next audio track |
V | Show slide in full page or toggle automatic source change |
left arrow | Seek 5s backward |
right arrow | Seek 5s forward |
shift + left arrow or J | Seek 10s backward |
shift + right arrow or L | Seek 10s forward |
control + left arrow | Seek 60s backward |
control + right arrow | Seek 60s forward |
shift + down arrow | Decrease volume |
shift + up arrow | Increase volume |
shift + comma | Decrease playback rate |
shift + dot or shift + semicolon | Increase playback rate |
end | Seek to end |
beginning | Seek to beginning |
Share this media
HLS video stream
You can use an external player to play this stream (like VLC).
HLS video streamInformation on this media
Links:
Number of views:
22 (this month: 2)Creation date:
July 5, 2023Speakers:
Éric LeblondLicense:
CC BY-SA v4Description
Suricata can be used to provide visibility and build detection of lateral movement in Windows environment using dedicated signatures or analysis of network security monitoring data. The talk will provide practical methods to increase visibility and provide detection of attacks.
This talk will describe how Suricata IDS and NSM features can be used to detect lateral movement in Windows based environments. The focus will be made on SMB based attacks (including Red Team Tooling) as with a specific attention on DCERPC layer of SMB but data extracted from protocols such as Kerberos will also be looked at.
The talk will include a presentation of the free SMB lateral ruleset published by Stamus Networks . It will show some practical hunting techniques that can be used when working with SMB protocol.
Éric has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. He has worked on the development of Suricata – the open source network threat detection engine – since 2009, is a board member of OISF, and was a member of the Netfilter Core Team for the Linux kernel's firewall layer.
Other media in the channel "2023"
92 views, 1 this monthWhy cyberoffense will never be regulatedJuly 5th, 2023
85 views, 5 this monthDecrypt Kerberos/NTLM “encrypted stub data” in WiresharkJuly 5th, 2023
15 views, 3 this monthHow to survive to STIX parsing?July 5th, 2023
13 views, 1 this monthASN.1 templating for fun and profitJuly 5th, 2023
5 views, 2 this monthzekrom: an open-source library of arithmetization-oriented constructions for zkSNARK circuitsJuly 5th, 2023
34 views, 4 this monthPHP filter chains: How to use itJuly 5th, 2023