Pursue the Attackers – Identify and Investigate Lateral Movement Based on Behavior Pattern – by Shusei Tomonaga, Keisuke Muda
The document discusses methods for identifying and investigating lateral movement by attackers during security incidents. It describes common tools and techniques used by attackers during different stages of an advanced persistent threat (APT) incident, including initial investigation, internal reconnaissance, spreading infection, and deleting evidence. The document analyzes logs and commands from past APT attacks to identify patterns in attacker behavior that can help with incident response. It notes that default system logs often do not provide enough information, so additional logging of events, processes, and network connections may be needed to fully trace attacker activities within a target network.
1. Pursue the Attackers - Identify and Investigate Lateral Movement Based on Behavior Pattern -
Shusei Tomonaga (JPCERT/CC)
Keisuke Muda (Internet Initiative Japan Inc.)