mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-16 07:53:18 +03:00
1.2 KiB
# Lateral Movement Hunt Template

## Hunt Metadata
| Field | Value |
|---|---|
| Hunt ID | TH-LATMOV-YYYY-MM-DD-NNN |
| Analyst | |
| Date | |
| Status | [ ] In Progress / [ ] Complete |
## Hypothesis
[e.g., "Adversaries are moving laterally via SMB admin shares using compromised domain admin credentials."]
## Techniques Investigated
- T1021.001 - RDP
- T1021.002 - SMB/Admin Shares
- T1021.006 - WinRM
- T1047 - WMI
- T1569.002 - PsExec/Service Execution
- T1550.002 - Pass the Hash
- T1570 - Lateral Tool Transfer
## Lateral Movement Path Map

```
[Source A] --RDP--> [Host B] --SMB--> [Host C] --WMI--> [Host D]
                        |                   |
                        +--PsExec--> [Host E] +--WinRM--> [Server F]
```
## Findings

| # | Source | Destination | Account | Method | Logon Type | Time | Risk |
|---|---|---|---|---|---|---|---|
| 1 | | | | | | | |
## Affected Accounts
| Account | Type | Hosts Accessed | Movement Method |
|---|---|---|---|
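The path map, the Findings rows and the Affected Accounts summary above are normally filled in by hand. The script below is an added example, not part of this template or the repository, showing how the three can be derived from Windows Security event 4624 (successful logon) records. It assumes a SIEM export with a `source` host field (the event's workstation or source address) and two joined hints that 4624 itself does not carry: a `service` destination port from network telemetry and a `service_installed` flag from event 7045 on the destination. The risk heuristic, the port-to-method table and the sample records are constructed for the example.

```python
"""Added example (not from the template): rebuild the path map, Findings
rows and Affected Accounts summary from 4624-style logon records."""
from collections import defaultdict
from dataclasses import dataclass

# Logon types that indicate movement from another host: 10 = RemoteInteractive
# (RDP); 3 = Network, which SMB, WMI, WinRM and PsExec all use. Assumption: a
# destination-port hint narrows a type 3 logon to a method, and a 7045 service
# install on the destination marks PsExec-style service execution.
PORT_TO_METHOD = {"445": "SMB/Admin Shares", "135": "WMI",
                  "5985": "WinRM", "5986": "WinRM"}


@dataclass
class Hop:
    source: str
    destination: str
    account: str
    method: str
    logon_type: int
    auth: str
    time: str


def method_for(event):
    """Return the movement method a 4624 record implies, or None if it is local."""
    lt = event["logon_type"]
    if lt == 10:
        return "RDP"
    if lt == 3:
        if event.get("service_installed"):
            return "PsExec/Service Execution"
        return PORT_TO_METHOD.get(event.get("service"), "Network (unclassified)")
    return None  # interactive, batch and service logons are not remote movement


def build_hops(events):
    """Keep remote logons whose source is a different host, in time order."""
    hops = []
    for e in sorted(events, key=lambda e: e["time"]):
        method = method_for(e)
        if method is None or e["source"] == e["computer"]:
            continue
        hops.append(Hop(e["source"], e["computer"], e["account"], method,
                        e["logon_type"], e.get("auth", "Kerberos"), e["time"]))
    return hops


def risk_for(hop, privileged):
    """Heuristic chosen for this example: a privileged account, NTLM where
    Kerberos is expected (worth a pass-the-hash check), and service execution
    each raise the risk."""
    score = 2 if hop.account in privileged else 0
    score += 1 if hop.auth == "NTLM" else 0
    score += 1 if hop.method.startswith("PsExec") else 0
    return "High" if score >= 3 else "Medium" if score == 2 else "Low"


def findings_rows(hops, privileged):
    """Markdown rows in the column order of the Findings table."""
    return [f"| {i} | {h.source} | {h.destination} | {h.account} | {h.method} "
            f"| {h.logon_type} | {h.time} | {risk_for(h, privileged)} |"
            for i, h in enumerate(hops, 1)]


def path_map(hops):
    """Adjacency list: source host -> [(method, destination), ...]."""
    adj = defaultdict(list)
    for h in hops:
        adj[h.source].append((h.method, h.destination))
    return dict(adj)


def render_map(adj):
    """One line per edge in the template's [A] --METHOD--> [B] notation."""
    return [f"[{src}] --{m}--> [{dst}]"
            for src, edges in adj.items() for m, dst in edges]


def affected_accounts(hops):
    """Account -> hosts reached and methods used (Affected Accounts table)."""
    summary = defaultdict(lambda: {"hosts": set(), "methods": set()})
    for h in hops:
        summary[h.account]["hosts"].add(h.destination)
        summary[h.account]["methods"].add(h.method)
    return {a: {"hosts": sorted(v["hosts"]), "methods": sorted(v["methods"])}
            for a, v in summary.items()}


# Constructed sample records, not real telemetry. The type 2 logon on FILE-01
# is a local console logon and must be dropped by build_hops.
EVENTS = [
    {"time": "2024-03-04T09:12:01Z", "computer": "HOST-B", "source": "SRC-A",
     "account": "CORP\\jdoe", "logon_type": 10},
    {"time": "2024-03-04T09:15:40Z", "computer": "HOST-C", "source": "HOST-B",
     "account": "CORP\\svc_backup", "logon_type": 3, "service": "445", "auth": "NTLM"},
    {"time": "2024-03-04T09:16:02Z", "computer": "HOST-E", "source": "HOST-B",
     "account": "CORP\\svc_backup", "logon_type": 3, "service": "445",
     "service_installed": True, "auth": "NTLM"},
    {"time": "2024-03-04T09:21:10Z", "computer": "HOST-D", "source": "HOST-C",
     "account": "CORP\\svc_backup", "logon_type": 3, "service": "135"},
    {"time": "2024-03-04T09:25:00Z", "computer": "FILE-01", "source": "FILE-01",
     "account": "CORP\\alice", "logon_type": 2},
    {"time": "2024-03-04T09:33:15Z", "computer": "SERVER-F", "source": "HOST-C",
     "account": "CORP\\svc_backup", "logon_type": 3, "service": "5985"},
]
PRIVILEGED = {"CORP\\svc_backup"}  # constructed: accounts treated as privileged

if __name__ == "__main__":
    hops = build_hops(EVENTS)
    print("\n".join(render_map(path_map(hops))))
    print("\n".join(findings_rows(hops, PRIVILEGED)))
    for account, info in affected_accounts(hops).items():
        print(account, info["hosts"], info["methods"])
```

Running it prints one path-map line per hop, the five Findings rows (the two NTLM logons by the privileged account come out High) and a per-account list of hosts and methods that maps directly onto the Affected Accounts table.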
## Recommendations
- Containment: [Isolate systems, disable accounts]
- Credential Reset: [Scope of password resets needed]
- Detection: [New rules for identified patterns]