7
Investigating Persistence and Lateral Movement Using Windows Event Logs
Attackers must maintain their foothold in the victim's environment so they do not have to repeat every infection phase, and they must keep pivoting through the victim's environment to search for sensitive data and high-value systems. As a SOC analyst and incident responder, you must be aware of the common persistence and lateral movement techniques used by attackers and be able to detect and investigate them by analyzing the event logs provided by Microsoft.
The objective of this chapter is to teach you common persistence and lateral movement techniques. You will also be able to investigate such activities by analyzing the recorded event logs on both the source and the target systems. ...
Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.