Using Suricata to detect lateral movement in Windows environment
Information on this media
Creation date: July 5, 2023
Speakers: Éric Leblond
License: CC BY-SA v4
Description
Suricata can be used to provide visibility into, and build detection of, lateral movement in Windows environments using dedicated signatures or analysis of network security monitoring (NSM) data. The talk will provide practical methods to increase visibility and detect attacks.
This talk will describe how Suricata IDS and NSM features can be used to detect lateral movement in Windows-based environments. The focus will be on SMB-based attacks (including red team tooling), with specific attention to the DCERPC layer of SMB, but data extracted from protocols such as Kerberos will also be examined.
The talk will include a presentation of the free SMB lateral movement ruleset published by Stamus Networks. It will show some practical hunting techniques that can be used when working with the SMB protocol.
Éric has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. He has worked on the development of Suricata – the open source network threat detection engine – since 2009, is a board member of OISF, and was a member of the Netfilter Core Team for the Linux kernel's firewall layer.