4/20/24
Test detective and response capabilities
Validate the effectiveness of your security tools and procedures to detect attacks
Ability to bypass detection capabilities
What is the detection capability detecting?
Process Injection
- Which process injection techniques can you detect?
Authentication Attacks
- Can you detect forged Kerberos tickets?
- Can you detect password sprays?
Lateral Movement
- Can you detect network reconnaissance?
- Can you detect a threat actor moving in your network?
Native Windows Commands
- Do standard users need to be running IT-like commands?
- How many users need access to PowerShell?