I have recently been posting a number of blogs regarding the usage of the RSA NeWitness Platform to detect attackers within your environment. As the list of the blogs grow, it is becoming increasingly difficult to navigate through them easily. In order to combat this, this blog post will contain references to all other blog posts in the Profiling Attackers Series, and will be updated when new posts are made.
|Detecting Lateral Movement in RSA NetWitness: WMI|
|Detecting Lateral Movement in RSA NetWitness: Winexe|
|Detecting Lateral Movement in RSA NetWitness: Smbexec|
|Using the RSA NetWitness Platform to Detect Lateral Movement: SCShell (DCE/RPC)|
|Web Shells and RSA NetWitness|
|Web Shells and NetWitness Part 2|
|Web Shells and RSA NetWitness Part 3|
|Using RSA NetWitness to Detect Credential Harvesting: lsassy|
Special thanks to Rui Ataide for his support and guidance for these posts.