The Repository @ St. Cloud State

Date of Award

5-2021

Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.

Department

Information Assurance and Information Systems

College

Herberger School of Business

First Advisor

Mailewa Akalanka

Second Advisor

Mark B. Schmidt

Third Advisor

Erich Rice

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

Lateral Movement, Cyber Security, Novel Techniques, RDP

Abstract

Lateral Movement is a pervasive threat that exists because modern networked systems that provide access to multiple users are far more efficient than their non-networked counterparts. It is a well-known attack methodology, and extensive research has been completed on preventing lateral movement in enterprise systems. However, attackers are using more sophisticated methods to move laterally that bypass typical detection systems. This research comprehensively reviews the problems in lateral movement detection and outlines common defenses that protect modern systems from lateral movement attacks. A literature review is conducted, outlining new techniques for automatic detection of malicious lateral movement, explaining common attack methods utilized by Advanced Persistent Threats, and describing components built into the Windows operating system that can assist with discovering malicious lateral movement. Finally, a novel method for moving laterally is introduced and studied, and an original technique for detecting this form of lateral movement is proposed.

Comments/Acknowledgements

A big thank you to Dr. Amirreza Niakanlahiji, Dr. Jinpeng Wei, Md Rabbi Alam, Qingyang Wang, and Bei-Tseng Chu for inspiring this research with their research into novel lateral movement techniques and for developing ShadowMove. Thanks especially to Md Rabbi Alam and Jinpeng Wei for their patience and assistance in sharing their proof-of-concept code and helping this C++ novice troubleshoot errors in execution.

A thank you to my wife and family for putting up with my long hours hiding in the basement completing this research.