
T02 - DFIR: Tracing lateral movements on day d.

Chema García
This workshop shows the use of a tool that automates the process of building relationships between logon events taken from Windows security events. It presents these relationships as a graph covering the users (domain or local), the machines involved, the duration of each session, etc., so you can quickly check which users had an open session at a given time. The tool also has several output modules, allowing integration with third-party tools and further use of the resulting data: CSV, Neo4J, SQLite, Gephi, Graphviz, JSON.