Just another day of IR, Threat-Hunting & Microsoft Security
How do you investigate an Active Directory environment? are you also analyzing the metadata or just investigating an event log on each DC? If you investigate only the event logs, in some cases, it’s not...
How do you investigate an Active Directory environment? are you also examining metadata or investigate an event log on each DC? If you investigate just event logs, it’s not enough, and you should and even...
How do you handle the KRBTGT object? And when was the last time you changed KRBTGT password? or which AD attacks can be performed by using KRBTGT. The post-Monitor KRBTGT with Azure Sentinel describes why...
In every version of the Windows client and Windows server, there are some security improvements. Some of them are meaningful, and others less. There are relevant security features with Windows 8.1 and Windows Server 2012...
This post will describe the steps to prepare and deploy TDAD (Javelin). This is part of a series of articles about Javelin AD Protect and installing, configuring, and investigating incidents. This one will focus on...
This is part of series articles about Javelin AD Protect and how to install, configure and investigate incidents. this post will introduce the Javelin AD Protect. The Symantec Endpoint Threat Defense for AD, aka AD...
Each company has different security challenges, but the common is securing Active Directory, which remains a critical issue because it’s used to store increasing amounts of data. Currently, businesses face a major risk in granting...
In a password spray attack, the hacker tries the most common passwords across many different accounts and services to gain access to any password-protected assets they can find. Usually, these span many various organizations and identity...
