Date of Award: 5-2021
Culminating Project Type: Starred Paper
Degree Name: Information Assurance: M.S.
Department: Information Assurance and Information Systems
College: Herberger School of Business
First Advisor: Mailewa Akalanka
Second Advisor: Mark B. Schmidt
Third Advisor: Erich Rice
Creative Commons License: This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Keywords and Subject Headings: Lateral Movement, Cyber Security, Novel Techniques, RDP
Abstract
Lateral Movement is a pervasive threat that exists because modern networked systems providing access to multiple users are far more efficient than their non-networked counterparts. It is a well-known attack methodology, and extensive research has been completed into preventing lateral movement in enterprise systems. However, attackers are using more sophisticated methods to move laterally that bypass typical detection systems. This research comprehensively reviews the problems in lateral movement detection and outlines common defenses that protect modern systems from lateral movement attacks. A literature review is conducted that outlines new techniques for automatic detection of malicious lateral movement, explains common attack methods used by Advanced Persistent Threats, and describes components built into the Windows operating system that can assist in discovering malicious lateral movement. Finally, a novel method for moving laterally is introduced and studied, and an original approach for detecting this method of lateral movement is proposed.
Recommended Citation: Rozendaal, Kyle, "Lateral Movement in Windows Systems and Detecting the Undetected ShadowMove" (2021). Culminating Projects in Information Assurance. 114. https://repository.stcloudstate.edu/msia_etds/114
Comments/Acknowledgements:
A big thank you to Dr. Amirreza Niakanlahiji, Dr. Jinpeng Wei, Md Rabbi Alam, Qingyang Wang, and Bei-Tseng Chu for inspiring this research with their research into novel lateral movement techniques and for developing ShadowMove. Especially to Md Rabbi Alam and Jinpeng Wei for their patience and assistance in sharing their proof-of-concept code and helping this C++ novice troubleshoot errors in execution.
A thank you to my wife and family for putting up with my long hours hiding in the basement completing this research.