Detecting the Elusive - Active Directory Threat Hunting Logo

Detecting the Elusive - Active Directory Threat Hunting

0
Free
Visit Website

Detecting the Elusive Active Directory Threat Hunting is a comprehensive resource presented by Sean Metcalf (@Pyrotek3) that provides guidance on threat hunting in Active Directory environments. The resource covers various topics including tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity. Additionally, it discusses the importance of logging the correct type of data and correlating Event IDs to anomalous activity. The resource also introduces Microsoft Sysinternals System Monitor (Sysmon) as a tool for monitoring process activity, image loads, and network connections. Furthermore, it highlights interesting Microsoft binaries to monitor for potential security threats. The resource is an in-depth guide for security professionals and researchers to identify and mitigate Active Directory threats.

FEATURES

ALTERNATIVES

A comprehensive cheat sheet for Windows and Linux terminals and command lines, covering essential commands and syntax for various tasks.

A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.

A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.

A comprehensive reference guide to Nmap's scripting engine and its various options, scripts, and target specifications.

APFS is a proprietary file system developed by Apple for macOS, offering improved performance, security, and reliability.

A quick reference guide for the VI editor, covering commands and modes.

A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.

The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.