2023-07-05, 14:35–15:10 (Europe/Paris), Amphitheater
Suricata can be used to provide visibility and build detection of lateral movement in Windows environment using dedicated signatures or analysis of network security monitoring data. The talk will provide practical methods to increase visibility and provide detection of attacks.
This talk will describe how Suricata IDS and NSM features can be used to detect lateral movement in Windows based environments. The focus will be made on SMB based attacks (including Red Team Tooling) as with a specific attention on DCERPC layer of SMB but data extracted from protocols such as Kerberos will also be looked at.
The talk will include a presentation of the free SMB lateral ruleset published by Stamus Networks . It will show some practical hunting techniques that can be used when working with SMB protocol.
Éric has more than 15 years of experience as co-founder and CTO of cybersecurity software companies and is an active member of the security and open source communities. He has worked on the development of Suricata – the open source network threat detection engine – since 2009, is a board member of OISF, and was a member of the Netfilter Core Team for the Linux kernel's firewall layer.