How to find lateral movement with Corelight and MITRE ATT&CK

Presented by


Josef Gustafsson
Systems Engineer


Watch the recorded webinar

Corelight drives broad coverage across the MITRE ATT&CK TTPs using an approach focused on visibility and explainable, evidence-based analytics. The foundation of this approach is Zeek® network telemetry, data that captures activity across a broad set of network protocols and fuels advanced

In this on-demand webinar you will learn how to: 
  • Find pass the hash attacks where attackers authenticate without the user's cleartext password
  • Spot attempts to gain unauthorized interactive access to workstations and servers via RDP
  • Monitor FTP for potential transferers of malicious toolkits into your environment
Josef Gustafsson - image


Josef Gustafsson

Systems Engineer

Josef Gustafsson is a Systems Engineer at Corelight Nordics. With a background in securing critical networks, he helps defenders respond to threats by gaining visibility into adversary activity across their on-premise, private- and public cloud environments.


Corelight provides security teams with network evidence so they can protect the world's most critical organizations and companies.