Thursday, July 20, 2017
Wannacry and NotPetya are just the beginning - Can you detect lateral movement from Event Logs - Yes but how?
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has an excellent document.
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) extracted tools used by many attackers by investigating recently confirmed cases of targeted attacks. Research was then conducted to investigate what kind of logs were left on the server and clients by using such tools, and what settings need to be configured to obtain logs that contain sufficient evidential information. This report is a summary of the results of this research.
The following page has a PDF link:
https://www.jpcert.or.jp/english/pub/sr/ir_research.html