Lateral Movement Artefacts

This is a very good and extensive list of lateral movement artefacts by Patrick Olsen. His blog in general is also very good to find DFIR resources. http://sysforensics.org/2014/01/lateral-movement/

The top 10 windows logs event’s used to catch hackers

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id's for their detection. Another must read. http://www.slideshare.net/Hackerhurricane/the-top-10-windows-logs-event-ids-used-v10

Windows Commands abused by attackers (Japan CERT)

One more interesting article about the most abused commands in windows. It is a must read if you are interesting in endpoint hunting. http://blog.jpcert.or.jp/.s/2016/01/windows-commands-abused-by-attackers.html

Detecting Lateral Movement in APT’S by Japan CERT

I am not going to add much to this article, I know is not very original but you should go straight into the presentation. It is worth your time if you are looking to understand lateral movement, examples with windows event id's and Kerberos KDC vulnerability. https://www.first.org/resources/papers/conf2016/FIRST-2016-105.pdf

Book: Learn about firewall design, Juniper Networks

Mini-book oriented to firewall design. The book explains very well the role that the company policy plays when designing the firewall. It is a very easy to read, well written and a refresher if you are studying firewall design and monitoring. I particularly used it to refresh and get ideas on those indicators that are interesting … Continue reading Book: Learn about firewall design, Juniper Networks