Explore the concept of network gravity in enterprise networks through a conference talk from BSides Tampa 2020. Delve into the origins, use cases, and a detailed walkthrough of the theory, including steps to identify domain controllers, endpoint discovery, logging, egress traffic analysis, and internal visibility. Gain insights into endpoint detection coverage and learn about additional sub-theories and the future of network gravity. Enhance your understanding of enterprise network security and analysis techniques in this 44-minute presentation by Casey Martin.
Overview
Syllabus
Intro
DISCLAIMERS
THE ORIGINS
USE CASES
WALKTHROUGH / DEMONSTRATION
ORGANIZATION PROFILE
GENERAL FLOW Step 1: Identify domain controllers
DOMAIN CONTROLLERS QUERY
DOMAIN CONTROLLERS FINDINGS
ENDPOINT DISCOVERY QUERY
ENDPOINT DISCOVERY FINDINGS
ENDPOINT LOGGING QUERY
ENDPOINT LOGGING FINDINGS
EGRESS TRAFFIC QUERY
EGRESS TRAFFIC FINDINGS
INTERNAL VISIBILITY QUERY
INTERNAL VISIBILITY FINDINGS
ENDPOINT DETECTION COVERAGE QUERY
ENDPOINT DETECTION COVERAGE FINDINGS
CURRENT MAP
ADDITIONAL SUB THEORIES
FUTURE OF THE THEORY
