Once breached at the endpoint, what does an attacker do? Where is he going? What does he want? The truth of APTs and advanced attacks is that they just don't want one machine - they want access to the heart of the organization. Since 1999, Microsoft has made the Windows Domain the 'heart ' of the network. Once accessed, it permits the attacker to control the organization - undetected and indefinitely. This is what the attacker wants. This webinar will discuss all moves an attacker can make to go from a compromised machine to achieve his goal from a statistical point of view; we will present the probability of detection and evidence-gathering for any move made along the way.