Lateral Movement Detection Using ELK Stack
MetadataShow full item record
In recent time, it is becoming increasingly difficult to prevent initial infiltration of a network, making it important to always consider and improve detection of an ongoing incident. Any attacker spends most energy, time and is additionally the most defenseless against detection when the attacker is trying to move laterally from system to system to escalate privileges. This research takes into consideration, majority of tools and techniques used by adversaries to move in a windows-based network laterally. It showcases the execution of these tools and suggests how usage of such tools can be detected using logging. Hence, this research is an attempt at creating a solution which helps in detection of lateral movement happening inside a windows-based network by collecting logs and analyzing them using ELK stack as the logging tool.