Attacks & the Windows Logs Workshop
During this workshop we will look at the most common techniques attackers use during lateral movement. We briefly introduce how testing is done in some test labs, what the difficulties are, and how seriously one can treat the results. Along the way we examine how each attack technique can be detected with the help of the Windows event log, and whether it is visible by default. Where the default detection does not work, we will take the necessary steps to enhance log collection so that the given method can be detected.