Introduction

This website will be used to publish information about my master's thesis. The work done so far includes:

We described the basics of Active Directory and also described most of the attacks that we want to analyse.

The attacks were practically realized and we determined which event logs are created on both the Domain Controller and the workstation when the attack happens.

In the next few months we plan to expand the analysis to the recommended configuration of logging (from the default settings) and create a tool which would be able to detect these attacks from supplied event logs.

Goals

  • Goal 1

    Analyse advanced attacks on Active Directory and identify various forensic artifacts.

  • Goal 2

    Propose a process to collect relevant digital footprints.

  • Goal 3

    Design, implement and evaluate a tool which would extract relevant digital footprints, perform triage and analyse the collected data.