Network gravity: Exploring an enterprise network - Casey Martin (BSides Tampa 2020) (Hacking Illustrated Series InfoSec Tutorial Videos)
BSides Tampa 2020
Abstract: Enterprise networks are often complex, hard to understand, and worst of all - undocumented. Few organizations have network diagrams and asset management systems and even fewer organizations have those that are effective and up to date.
Leveraging an organization's SIEM or logging solution, network diagrams and asset inventories can be extrapolated from this data through the 'gravity' of the network. Similar to our solar system and galaxy, even if you cannot confirm or physically see an object, you can measure the forces of gravity it exerts on the observable objects around it that we do know about. For example, unconfirmed endpoints can be enumerated by the authentication activity they register on known domain controllers. The inferred list of endpoints and their network addresses can begin to map out logical networks. The unpolished list of logical networks can be mapped against known egress points to identify physical networks and potentially identify undiscovered egress points and the technologies that exist at the egress points. As more objects are extrapolated and inferred, the model of your enterprise network becomes more accurate.
Through this iterative and repeatable process, network diagrams and asset inventories can be drafted, further explored, refined, and ultimately managed. Even the weakest of observable forces can create fingerprints that security professionals can leverage to more effectively become guardians of the galaxy.
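The first two steps of the abstract's process, as an added example that is not part of the talk or the author's tooling: a constructed asset inventory and a constructed simplified logon log (not a real Windows event format) stand in for the organization's inventory and SIEM. Endpoints that authenticate to known domain controllers but are absent from the inventory are surfaced, and every observed address is then grouped into /24 subnets to draft the list of logical networks.

```python
"""Infer unknown endpoints and logical networks from domain-controller
authentication logs (constructed sample data, not from the talk)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed asset inventory: hostnames the organization already knows about.
KNOWN_ASSETS = {"WS-FIN-01", "WS-FIN-02", "SRV-DB-01"}

# Constructed log lines in a simplified "dc=... host=... ip=..." format
# (not a real Windows event format) representing successful logons recorded
# on known domain controllers. Duplicate sightings are expected in real data.
SAMPLE_LOGS = """\
dc=DC01 host=WS-FIN-01 ip=10.1.10.21
dc=DC01 host=WS-FIN-02 ip=10.1.10.22
dc=DC01 host=WS-LAB-07 ip=10.1.50.7
dc=DC02 host=WS-LAB-09 ip=10.1.50.9
dc=DC02 host=SRV-DB-01 ip=10.1.20.5
dc=DC02 host=KIOSK-3 ip=192.168.7.14
dc=DC01 host=WS-LAB-07 ip=10.1.50.7
"""

def parse_logons(text):
    """Yield (dc, host, ip) tuples from the constructed log format."""
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split())
        yield fields["dc"], fields["host"], ip_address(fields["ip"])

def infer_endpoints(text, known=KNOWN_ASSETS):
    """Return {host: ip} for endpoints seen authenticating that are absent
    from the inventory: the 'gravity' they exert on known DCs reveals them."""
    return {h: str(ip) for _, h, ip in parse_logons(text) if h not in known}

def infer_networks(text, prefix=24):
    """Group every observed address into /prefix subnets, listing the hosts
    seen in each, to draft the logical networks for the diagram."""
    nets = defaultdict(set)
    for _, host, ip in parse_logons(text):
        nets[str(ip_network(f"{ip}/{prefix}", strict=False))].add(host)
    return {net: sorted(hosts) for net, hosts in sorted(nets.items())}

if __name__ == "__main__":
    print(infer_endpoints(SAMPLE_LOGS))
    print(infer_networks(SAMPLE_LOGS))
```

The inferred subnets are the "unpolished list of logical networks" the abstract describes; the next iteration would compare them against known egress points.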
Casey Martin is an information security professional with a curiosity for enabling blue team operations. Casey has operated in all technical aspects of security operations as well as leading the customer enablement effort as the Director of Security Operations for some of the world's most trusted brands. In his current role, Casey leads the Threat Management function at his organization, which engages him in innovative functions such as SOC research and development, threat intelligence, and red team operations. Prior to moving to Tampa, Casey held security roles in the energy and educational sectors, made possible through his education at the Rochester Institute of Technology.