Using the Sysmon tool to detect an attacker's lateral movement attacks
Keywords
Sysmon ; Lateral Movement ; Windows Event Collection agent ; MITRE ATT&CK

Abstract
This thesis presents the Sysmon tool and shows how to install and configure it so that an attacker's lateral movement within the network can be detected. Sysmon is a Windows system monitoring tool that provides detailed information about process creation, network connections, and changes to file creation time. Through the events collected and displayed by the Windows Event Collection agent, both malware activity and the attacker's movement within the network can be detected. First, the meaning of lateral movement is analyzed using the Lateral Movement column of the MITRE ATT&CK categorization; then, with the help of Sysmon, the recorded events identified during lateral movement between two (2) Windows systems are presented. Finally, the configuration techniques that make the tool log the correct events are developed, together with the various tools used during this process. As a final result, a sorted table with all the findings of this research is produced.
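As an added example (not part of the thesis and not Sysmon's own tooling), the script below parses Sysmon events exported in Windows event XML format and builds the kind of sorted findings table the abstract describes. It uses the real Sysmon field names for Event ID 3 (NetworkConnect: Initiated, DestinationIp, DestinationPort, Image) and Event ID 1 (ProcessCreate: Image, ParentImage). The three event records, the host names, the port list and the list of "remote execution host" parent processes are constructed for this example and are assumptions, not values taken from the thesis.

```python
"""Parse exported Sysmon events (Windows event XML) and flag the records a
defender would review when looking for lateral movement between two hosts."""
import xml.etree.ElementTree as ET

# Windows event XML namespace (fixed by the Windows event schema).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption for this example: destination ports of common remote-admin protocols.
REMOTE_ADMIN_PORTS = {135: "RPC", 445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM/TLS"}
# Assumption for this example: parents that spawn processes for remote callers.
REMOTE_EXEC_PARENTS = ("wmiprvse.exe", "wsmprovhost.exe", "services.exe")


def parse_event(xml_text):
    """Return (event_id, computer, event_data_dict) from one Sysmon event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    computer = root.find("e:System/e:Computer", NS).text
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, computer, data


def classify(event_id, data):
    """Return a human-readable finding, or None when the event is not of interest."""
    if event_id == 3 and data.get("Initiated") == "true":
        port = int(data.get("DestinationPort", "0"))
        if port in REMOTE_ADMIN_PORTS:
            return (f"outbound {REMOTE_ADMIN_PORTS[port]} to "
                    f"{data.get('DestinationIp')}:{port} by {data.get('Image')}")
    if event_id == 1:
        parent = data.get("ParentImage", "").lower()
        if parent.endswith(REMOTE_EXEC_PARENTS):
            return f"{data.get('Image')} spawned by {data.get('ParentImage')} (remote execution host)"
    return None


def findings(events):
    """Build the findings table: rows of (UtcTime, Computer, EventID, finding), sorted by time."""
    rows = []
    for xml_text in events:
        event_id, computer, data = parse_event(xml_text)
        finding = classify(event_id, data)
        if finding:
            rows.append((data.get("UtcTime", ""), computer, event_id, finding))
    return sorted(rows)


def _event(event_id, computer, fields):
    """Helper that builds a constructed Sysmon event record in Windows event XML."""
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f"<EventID>{event_id}</EventID><Computer>{computer}</Computer></System>"
            f"<EventData>{body}</EventData></Event>")


# Constructed sample records: one RDP connection from HOST-A, one process created on
# HOST-B under a WinRM host process, and one benign process creation that is ignored.
SAMPLE_EVENTS = [
    _event(3, "HOST-A", {"UtcTime": "2024-01-01 10:00:00.000", "Image": r"C:\Windows\System32\mstsc.exe",
                         "Initiated": "true", "DestinationIp": "10.0.0.20", "DestinationPort": "3389"}),
    _event(1, "HOST-B", {"UtcTime": "2024-01-01 10:00:05.000", "Image": r"C:\Windows\System32\cmd.exe",
                         "ParentImage": r"C:\Windows\System32\wsmprovhost.exe"}),
    _event(1, "HOST-A", {"UtcTime": "2024-01-01 09:00:00.000", "Image": r"C:\Windows\System32\notepad.exe",
                         "ParentImage": r"C:\Windows\explorer.exe"}),
]

if __name__ == "__main__":
    for row in findings(SAMPLE_EVENTS):
        print(" | ".join(str(c) for c in row))
```

On a real system the same records can be exported with `wevtutil qe Microsoft-Windows-Sysmon/Operational /f:xml` and fed to `findings()` one `<Event>` at a time; the classification rules are intentionally narrow and should be widened with the event fields the thesis's own configuration collects.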