Lateral Movement Observability
Experiment focused on host and network visibility during east-west movement
Objective
Measure whether lateral movement is observable across host logs, network telemetry, and central analytics in a way that supports useful defensive action.
Why This Matters
East-west movement often exposes the gap between raw telemetry collection and real defensive visibility.
Focus
- remote execution
- authentication chaining
- remote service creation
- admin share misuse
- cross-host analyst visibility
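One way to score the objective above, as an added example that is not part of the original page: each focus activity is graded by how far its telemetry got, from collected on a host or network sensor, to present in central analytics, to actionable (the central record names both ends of the hop, which is what cross-host analyst visibility requires). The records, field names and grade labels are constructed assumptions.

```python
from collections import defaultdict

# Focus activities taken from the list above; the last list item
# (cross-host analyst visibility) is the "actionable" criterion below.
FOCUS = ["remote execution", "authentication chaining",
         "remote service creation", "admin share misuse"]

# Constructed sample records (hypothetical schema). "layer" is where the
# record was found: a host log, a network sensor, or central analytics.
RECORDS = [
    {"layer": "host", "activity": "remote service creation", "src": None, "dst": "srv02"},
    {"layer": "network", "activity": "remote service creation", "src": "ws01", "dst": "srv02"},
    {"layer": "central", "activity": "remote service creation", "src": "ws01", "dst": "srv02"},
    {"layer": "host", "activity": "admin share misuse", "src": "ws01", "dst": "srv02"},
    {"layer": "network", "activity": "admin share misuse", "src": "ws01", "dst": "srv02"},
    {"layer": "host", "activity": "authentication chaining", "src": "ws01", "dst": "srv02"},
    {"layer": "central", "activity": "authentication chaining", "src": None, "dst": "srv02"},
]

def coverage(records, focus=FOCUS):
    """Grade each focus activity: none < collected < centralized < actionable."""
    layers = defaultdict(set)
    linked = set()
    for r in records:
        layers[r["activity"]].add(r["layer"])
        # An analyst can follow the hop only if the central record has both ends.
        if r["layer"] == "central" and r["src"] and r["dst"]:
            linked.add(r["activity"])
    result = {}
    for act in focus:
        seen = layers.get(act, set())
        if act in linked:
            grade = "actionable"
        elif "central" in seen:
            grade = "centralized"
        elif seen:
            grade = "collected"
        else:
            grade = "none"
        result[act] = {"layers": sorted(seen), "grade": grade}
    return result

def gaps(result):
    """Activities with telemetry somewhere that an analyst still cannot act on."""
    return sorted(a for a, v in result.items() if v["grade"] in ("collected", "centralized"))

if __name__ == "__main__":
    res = coverage(RECORDS)
    for act, v in res.items():
        print(f"{act:26} {v['grade']:12} {','.join(v['layers']) or '-'}")
    print("gaps:", gaps(res))
```

Activities graded `none` are blind spots rather than gaps: nothing was collected at any layer, so they are reported separately from telemetry that exists but never became usable.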