A Novel Method for Moving Laterally and Discovering Malicious Lateral Movements in Windows Operating Systems: A Case Study

Authors

  • Akalanka Mailewa St. Cloud State University
  • Kyle Rozendaal

DOI:

https://doi.org/10.31357/ait.v2i3.5584

Keywords:

Lateral-movements, Cyber-attacks, Confidentiality, Security, Phishing, Threats, ShadowMove

Abstract

Lateral movement is a pervasive threat because modern networked systems that provide access to multiple users are far more efficient than their non-networked counterparts. It is a well-known attack methodology with extensive research conducted investigating the prevention of lateral movement in enterprise systems. However, attackers use increasingly sophisticated methods to move laterally that bypass typical detection systems. This research comprehensively reviews the problems in lateral movement detection and outlines common defenses to protect modern systems from lateral movement attacks. A literature review outlines techniques for automatic detection of malicious lateral movement, explaining common attack methods utilized by advanced persistent threats and components built into the Windows operating system that can assist with discovering malicious lateral movement. Finally, a novel approach for moving laterally designed by other security researchers is reviewed and studied, an original process for detecting this method of lateral movement is proposed, and the application of the detection methodology is also expanded.

Downloads

Published

2022-08-25

How to Cite

Mailewa, A., & Rozendaal, K. (2022). A Novel Method for Moving Laterally and Discovering Malicious Lateral Movements in Windows Operating Systems: A Case Study. Advances in Technology, 2(3), 291–321. https://doi.org/10.31357/ait.v2i3.5584

Issue

Section

Information and Communication Technology

Categories