7

Network and Key Assets Discovery

By this stage, threat actors already have access to one of the hosts in the victim’s infrastructure, have successfully established a foothold on that host, and, if necessary, have escalated their privileges, gained access to authentication data, and bypassed defenses. The natural progression of the attack at this stage is to conduct internal research that will help the attackers understand what infrastructure they are in, what the network topology is, which hosts are present, which of them are joined to a domain, which ones are running specific applications, which versions of operating systems they have installed, what security agents and tooling are used, and much more. The information gathered can not only ...

Get Incident Response for Windows now with the O’Reilly learning platform.
