Threat Hunting for Lateral Movement

January 2018 Presentation
Adam Fuchs (Sqrrl), Ryan Nolette (Sqrrl)

In this presentation, the authors review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.

Abstract

As Threat Hunting becomes the prominent proactive security activity for Security Operations across the world, many organizations don’t know where or how to start. In this presentation, we will show the attack stages, the defensive side, and the data science tools and techniques we use to detect these types of activities. This methodology can be applied to multiple scenarios and attacks, and it is something attendees can bring back with them after the conference.