A closer look at LATMA, the open-source lateral movement detection tool
In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool. It’s engineered with advanced algorithms to track and report any unusual activity within an environment.
The tool consists of two modules:
Logs collector – This module collects authentication traffic from the Active Directory environment. It gathers the logs from the domain controllers and endpoints, focusing only on interactive Kerberos and NTLM authentications.
Analyzer module – This module inputs the logs from the collector and outputs a detailed report containing the patterns that LATMA found, how they’re connected, who performed them, and when. It also visualizes the findings in a GIF.