This is a very good and extensive list of lateral movement artefacts by Patrick Olsen. His blog in general is also very good to find DFIR resources.
Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id’s for their detection. Another must read.
One more interesting article about the most abused commands in windows. It is a must read if you are interesting in endpoint hunting.
I am not going to add much to this article, I know is not very original but you should go straight into the presentation. It is worth your time if you are looking to understand lateral movement, examples with windows event id’s and Kerberos KDC vulnerability.
Mini-book oriented to firewall design. The book explains very well the role that the company policy plays when designing the firewall. It is a very easy to read, well written and a refresher if you are studying firewall design and monitoring. I particularly used it to refresh and get ideas on those indicators that are interesting to monitor in firewalls.
This paper is the best I have ever read on how to build IOC’s with Windows Event ID’s. I highly recommend you to read it, it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network this is the document!
Very interesting research by Holly Williams (https://www.gracefulsecurity.com/)
If you had doubts about AV….