Detecting the Elusive - Active Directory Threat Hunting
Detecting the Elusive Active Directory Threat Hunting is a comprehensive resource presented by Sean Metcalf (@Pyrotek3) that provides guidance on threat hunting in Active Directory environments. The resource covers various topics including tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity. Additionally, it discusses the importance of logging the correct type of data and correlating Event IDs to anomalous activity. The resource also introduces Microsoft Sysinternals System Monitor (Sysmon) as a tool for monitoring process activity, image loads, and network connections. Furthermore, it highlights interesting Microsoft binaries to monitor for potential security threats. The resource is an in-depth guide for security professionals and researchers to identify and mitigate Active Directory threats.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
The Cloudflare Learning Center provides educational resources covering various cybersecurity and internet-related topics, including DDoS attacks, CDNs, DNS, web application security, serverless computing, encryption protocols, bots, cloud computing, Zero Trust security, SASE, networking, data privacy, video streaming, email security, and AI.
APFS is a proprietary file system developed by Apple for macOS, offering improved performance, security, and reliability.
A comprehensive guide to hardening OpenLDAP on Linux using AppArmor and systemd, providing a defense in depth approach to securing LDAP deployments.
BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.
A tool for testing and analyzing RFID and NFC tags, allowing users to read and write data, and perform various attacks and tests.
A comprehensive guide for system administrators to detect and identify potential security threats on Windows 2000 systems.
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.