{"id":990332,"date":"2025-10-05T17:11:37","date_gmt":"2025-10-05T14:11:37","guid":{"rendered":"https:\/\/gpss.ro\/security-guide\/cartea-alba-de-securitate-2017-002_detectarea-miscarilor-laterale-in-infrastructura-windows-marti-18-aprilie-2017-042700-pm-cest-7\/"},"modified":"2025-10-12T12:59:13","modified_gmt":"2025-10-12T09:59:13","slug":"cartea-alba-de-securitate-2017-002_detectarea-miscarilor-laterale-in-infrastructura-windows-marti-18-aprilie-2017-042700-pm-cest-7","status":"publish","type":"security_advisory","link":"https:\/\/delve.ro\/ro\/security-guide\/cartea-alba-de-securitate-2017-002_detectarea-miscarilor-laterale-in-infrastructura-windows-marti-18-aprilie-2017-042700-pm-cest-7\/","title":{"rendered":"Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure\n                            \n                            Tuesday, April 18, 2017 04:27:00 PM CEST\n                            Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white-paper provides guidelines to detectthe lateral movements exploiting NTLM and Kerberos protocols in a Windows 7 and 2008 based environments."},"content":{"rendered":"<div class=\"gpss-language-switcher\" style=\"margin-bottom: 20px; padding: 15px; background: #f0f9ff; border-left: 4px solid #3b82f6; border-radius: 8px;\">\n            <div style=\"display: flex; align-items: center; justify-content: space-between; flex-wrap: wrap; gap: 10px;\">\n                <div style=\"display: flex; align-items: center; gap: 10px;\">\n                    <span style=\"font-weight: 600; color: #1e40af;\">\ud83c\udf0d Limb\u0103 \/ Language:<\/span>\n                    <button onclick=\"switchLanguage('en')\" id=\"btn-lang-en\" class=\"lang-btn lang-btn-active\" style=\"padding: 8px 16px; background: #3b82f6; color: white; border: none; border-radius: 6px; cursor: pointer; font-weight: 600; transition: all 0.3s;\">\n                        \ud83c\uddec\ud83c\udde7 English (Original)\n                    <\/button>\n                    <button onclick=\"switchLanguage('ro')\" id=\"btn-lang-ro\" class=\"lang-btn\" style=\"padding: 8px 16px; background: #e5e7eb; color: #374151; border: none; border-radius: 6px; cursor: pointer; font-weight: 600; transition: all 0.3s;\">\n                        \ud83c\uddf7\ud83c\uddf4 Rom\u00e2n\u0103\n                    <\/button>\n                <\/div>\n                <small style=\"color: #6b7280; font-style: italic;\">Traducere automat\u0103 \/ Automatic translation<\/small>\n            <\/div>\n        <\/div>\n\n        <div id=\"content-en\" class=\"lang-content\" style=\"display: block;\">\n            <div class=\"article-content\">CERT-EU security guidance: Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure\n                            \n                            Tuesday, April 18, 2017 04:27:00 PM CEST\n                            Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white-paper provides guidelines to detectthe lateral movements exploiting NTLM and Kerberos protocols in a Windows 7 and 2008 based environments.<\/div>\n        <\/div>\n\n        <div id=\"content-ro\" class=\"lang-content\" style=\"display: none;\">\n            <div class=\"article-content\"><?xml encoding=\"UTF-8\"><p>Ghid de securitate Cert-UE: Securitate Alb&#259; 2017-002_detectarea mi&#537;c&#259;rilor laterale &icirc;n infrastructura Windows\n                            \n                            Mar&#539;i, 18 aprilie 2017 04:27:00 PM CEST\n                            Tehnicile de mi&#537;care lateral&#259; sunt utilizate pe scar&#259; larg&#259; &icirc;n atacurile cibernetice sofisticate, &icirc;n special &icirc;n amenin&#539;&#259;rile persistente avansate (APT). Un adversar folose&#537;te aceste tehnici pentru a accesa alte gazde dintr -un sistem compromis &#537;i a avea acces la resurse sensibile, cum ar fi c&#259;su&#539;e po&#537;tale, foldere partajate sau acredit&#259;ri. Aceast&#259; h&acirc;rtie alb&#259; ofer&#259; linii directoare pentru detectarea mi&#537;c&#259;rilor laterale care exploateaz&#259; protocoalele NTLM &#537;i Kerberos &icirc;n mediile bazate pe Windows 7 &#537;i 2008.<\/p><\/div>\n        <\/div>\n\n        <script>\n        function switchLanguage(lang) {\n            \/\/ Ascunde ambele versiuni\n            document.getElementById(\"content-ro\").style.display = \"none\";\n            document.getElementById(\"content-en\").style.display = \"none\";\n\n            \/\/ Reseteaz\u0103 stilurile butoanelor\n            document.querySelectorAll(\".lang-btn\").forEach(function(btn) {\n                btn.style.background = \"#e5e7eb\";\n                btn.style.color = \"#374151\";\n                btn.classList.remove(\"lang-btn-active\");\n            });\n\n            \/\/ Afi\u0219eaz\u0103 versiunea selectat\u0103\n            if (lang === \"ro\") {\n                document.getElementById(\"content-ro\").style.display = \"block\";\n                document.getElementById(\"btn-lang-ro\").style.background = \"#3b82f6\";\n                document.getElementById(\"btn-lang-ro\").style.color = \"white\";\n                document.getElementById(\"btn-lang-ro\").classList.add(\"lang-btn-active\");\n            } else {\n                document.getElementById(\"content-en\").style.display = \"block\";\n                document.getElementById(\"btn-lang-en\").style.background = \"#3b82f6\";\n                document.getElementById(\"btn-lang-en\").style.color = \"white\";\n                document.getElementById(\"btn-lang-en\").classList.add(\"lang-btn-active\");\n            }\n\n            \/\/ Salveaz\u0103 preferin\u021ba \u00een localStorage\n            localStorage.setItem(\"gpss_preferred_language\", lang);\n        }\n\n        \/\/ Restaureaz\u0103 preferin\u021ba utilizatorului la \u00eenc\u0103rcare\n        document.addEventListener(\"DOMContentLoaded\", function() {\n            var preferredLang = localStorage.getItem(\"gpss_preferred_language\") || \"ro\";\n            switchLanguage(preferredLang);\n        });\n\n        \/\/ Hover effects pentru butoane\n        document.querySelectorAll(\".lang-btn\").forEach(function(btn) {\n            btn.addEventListener(\"mouseenter\", function() {\n                if (!this.classList.contains(\"lang-btn-active\")) {\n                    this.style.background = \"#bfdbfe\";\n                    this.style.color = \"#1e40af\";\n                }\n            });\n            btn.addEventListener(\"mouseleave\", function() {\n                if (!this.classList.contains(\"lang-btn-active\")) {\n                    this.style.background = \"#e5e7eb\";\n                    this.style.color = \"#374151\";\n                }\n            });\n        });\n        <\/script>\n\n        <style>\n        .lang-btn:hover {\n            transform: translateY(-2px);\n            box-shadow: 0 4px 12px rgba(59, 130, 246, 0.3);\n        }\n        .lang-btn-active {\n            box-shadow: 0 4px 12px rgba(59, 130, 246, 0.4);\n        }\n        <\/style>","protected":false},"excerpt":{"rendered":"<p>\ud83c\udf0d Limb\u0103 \/ Language: \ud83c\uddec\ud83c\udde7 English (Original) \ud83c\uddf7\ud83c\uddf4 Rom\u00e2n\u0103 Traducere automat\u0103 \/ Automatic translation CERT-EU security guidance: Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure Tuesday, April 18, 2017 04:27:00 PM CEST Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":[],"advisory_audience":[191],"advisory_topic":[],"advisory_source":[181],"advisory_severity":[184],"advisory_region":[176],"news_source":[],"class_list":["post-990332","security_advisory","type-security_advisory","status-publish","hentry","advisory_audience-technical","advisory_source-cert-eu","advisory_severity-medium","advisory_region-international"],"_links":{"self":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory\/990332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory"}],"about":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/types\/security_advisory"}],"version-history":[{"count":1,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory\/990332\/revisions"}],"predecessor-version":[{"id":991011,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/security_advisory\/990332\/revisions\/991011"}],"wp:attachment":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/media?parent=990332"}],"wp:term":[{"taxonomy":"advisory_audience","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_audience?post=990332"},{"taxonomy":"advisory_topic","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_topic?post=990332"},{"taxonomy":"advisory_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_source?post=990332"},{"taxonomy":"advisory_severity","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_severity?post=990332"},{"taxonomy":"advisory_region","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/advisory_region?post=990332"},{"taxonomy":"news_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/news_source?post=990332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}