Episode 50 — Trace Lateral Movement and Internal Discovery in Advanced Threat Techniques

In this episode, we trace the methodical patterns of lateral movement and internal discovery used by advanced threat actors to navigate your network. We define lateral movement as moving from one system to another internally and explain internal discovery as the act of mapping hosts, shares, and services. The discussion focuses on why discovery typically precedes movement, as the attacker seeks the most efficient path toward their high-value targets. We practice a scenario where a compromised workstation leads to server probing, highlighting the risk of allowlisting broad internal connectivity. You will learn how to use network segmentation and the monitoring of authentication events as quick wins to break the attacker's cycle. We explain how "living off the land" tools allow intruders to blend into legitimate traffic, requiring a deep understanding of your technical baseline to detect anomalies. This situational awareness is essential for containing an intruder's spread and protecting your most sensitive server segments.

Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
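The authentication-event monitoring described in the episode summary can be sketched as a baseline-aware fan-out check for the workstation-to-server scenario. This is an added example, not material from the episode; the host names, event tuple layout, baseline, window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source host, destination host, result).
EVENTS = [
    ("2024-05-01T09:00:05", "ws-017", "fs-01", "success"),
    ("2024-05-01T09:01:10", "ws-017", "print-01", "success"),
    ("2024-05-01T09:02:00", "ws-022", "fs-01", "success"),
    ("2024-05-01T09:10:00", "ws-017", "db-01", "failure"),
    ("2024-05-01T09:10:20", "ws-017", "db-02", "failure"),
    ("2024-05-01T09:11:02", "ws-017", "dc-01", "success"),
    ("2024-05-01T09:12:40", "ws-017", "hr-app-01", "failure"),
    ("2024-05-01T09:30:00", "ws-022", "db-01", "success"),
    ("2024-05-01T10:15:00", "ws-022", "hr-app-01", "success"),
]

# Assumed technical baseline: destinations each source normally authenticates to.
BASELINE = {"ws-017": {"fs-01", "print-01"}, "ws-022": {"fs-01"}}

def fanout_alerts(events, baseline, window=timedelta(minutes=5), threshold=3):
    """Flag sources that authenticate to at least `threshold` destinations
    outside their baseline within one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, dst, result in events:
        if dst not in baseline.get(src, set()):  # keep only out-of-baseline logons
            by_src[src].append((datetime.fromisoformat(ts), dst, result))
    alerts = []
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            new_dsts = {dst for _, dst, _ in span}
            if len(new_dsts) >= threshold:
                alerts.append({
                    "source": src,
                    "first_seen": span[0][0].isoformat(),
                    "destinations": sorted(new_dsts),
                    "failures": sum(1 for _, _, r in span if r == "failure"),
                })
                break  # one alert per source is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in fanout_alerts(EVENTS, BASELINE):
        print(alert)
```

The single out-of-baseline logons from ws-022 stay below the threshold, which is the point of comparing against a baseline rather than alerting on every new destination.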