Abstract

An Advanced Persistent Threat (APT) is classified as a high-threat, stealthy attack on modern networks. It uses sophisticated techniques, which make it very challenging to detect. By gaining unauthorized access and moving laterally through the target network, it can remain undetected for an extended period. Depending on the APT group's tools, responding to an attack already under way can be challenging and complex. Mimikatz is a credential-theft tool used in many APT attacks to achieve their objectives. During execution it calls Windows APIs in a particular order, and this ordering makes the APT group vulnerable to detection during lateral movement inside the targeted network. This paper focuses on detecting APT activity, and specifically Mimikatz-driven lateral movement, through the sequence of Windows API calls. The primary objective is to decrease the time to detect any Mimikatz version in the network through real-time monitoring based on Windows API Calls Sequence Analysis. This study proves that APT attacks can be detected when they move inside the victim's environment.
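As an added illustration of the detection idea the abstract describes (real-time monitoring of the order in which a process invokes Windows APIs), the following Python snippet is not from the paper; it shows a per-process ordered-subsequence matcher over a constructed API-call log. The watched sequence (`WATCH_SEQUENCE`), the gap tolerance (`MAX_GAP`), the log line format and the sample log are all assumptions chosen for the example and are not the paper's Mimikatz signature; a real deployment would take the ordered API pattern from the paper's analysis and feed it from an API-monitoring sensor.

```python
"""
Added example (not the paper's code): flag a process when its Windows API
calls contain a watched sequence in order, tolerating a bounded number of
unrelated calls between consecutive steps. State is kept per PID so calls
from different processes are never mixed into one match.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed ordered pattern for illustration only (assumption); the paper's
# actual Mimikatz call sequence is not reproduced here.
WATCH_SEQUENCE: Tuple[str, ...] = ("OpenProcess", "ReadProcessMemory", "CloseHandle")

# Assumed tuning knob: how many unrelated calls may sit between two matched
# steps before the partial match is discarded (limits false positives).
MAX_GAP = 3

# Assumed sensor line format: "<ts> pid=<n> image=<exe> api=<ApiName>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+image=(?P<image>\S+)\s+api=(?P<api>\w+)$"
)


@dataclass
class MatchState:
    step: int = 0        # index of the next pattern element we expect
    since_last: int = 0  # unrelated calls seen since the last matched step


def parse_event(line: str) -> Optional[Tuple[str, int, str, str]]:
    """Parse one sensor line; return (ts, pid, image, api) or None if malformed."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return m["ts"], int(m["pid"]), m["image"], m["api"]


def detect_sequences(
    lines: Iterable[str],
    pattern: Tuple[str, ...] = WATCH_SEQUENCE,
    max_gap: int = MAX_GAP,
) -> List[Tuple[int, str, str]]:
    """Stream events and return (pid, image, ts) for each completed match."""
    states: Dict[int, MatchState] = {}
    alerts: List[Tuple[int, str, str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip lines the sensor format does not explain
        ts, pid, image, api = ev
        st = states.setdefault(pid, MatchState())
        if api == pattern[st.step]:
            st.step += 1
            st.since_last = 0
            if st.step == len(pattern):
                alerts.append((pid, image, ts))
                states[pid] = MatchState()  # start fresh for this process
        elif st.step > 0:
            # An unrelated call inside a partial match; abandon it if the gap
            # grows beyond the tolerance.
            st.since_last += 1
            if st.since_last > max_gap:
                states[pid] = MatchState()
    return alerts


# Constructed sample log: pid 5120 completes the sequence with one unrelated
# call in between; pid 6001 exceeds the gap tolerance; pid 4312 never starts.
SAMPLE_LOG = """\
10:00:01 pid=4312 image=updater.exe api=CreateFileW
10:00:01 pid=4312 image=updater.exe api=ReadFile
10:00:02 pid=5120 image=tool.exe api=OpenProcess
10:00:02 pid=4312 image=updater.exe api=CloseHandle
10:00:03 pid=5120 image=tool.exe api=VirtualQueryEx
10:00:03 pid=5120 image=tool.exe api=ReadProcessMemory
10:00:04 pid=5120 image=tool.exe api=CloseHandle
10:00:05 pid=6001 image=backup.exe api=OpenProcess
10:00:05 pid=6001 image=backup.exe api=GetTickCount
10:00:06 pid=6001 image=backup.exe api=GetTickCount
10:00:06 pid=6001 image=backup.exe api=GetTickCount
10:00:07 pid=6001 image=backup.exe api=GetTickCount
10:00:08 pid=6001 image=backup.exe api=ReadProcessMemory
10:00:08 pid=6001 image=backup.exe api=CloseHandle
"""

if __name__ == "__main__":
    for pid, image, ts in detect_sequences(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ts}: pid={pid} image={image} matched {WATCH_SEQUENCE}")
```

Keying the match state by PID is what makes the interleaved `CloseHandle` from pid 4312 irrelevant to pid 5120's match, and the gap bound is the knob that trades detection latency against noise: raising `max_gap` to 10 would also fire on pid 6001.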
