A user's local group membership was enumerated

Threat Advisory: Telegram Crypto Botnet STRT-TA01 | Splunk

Solved Event Properties - Event 4798, Microsoft Windows | Chegg.com

Using Windows Event Log IDs for Threat Hunting - FourCore

4732(S) A member was added to a security-enabled local group. | Microsoft Learn

How do I disable the AppLogs agent?

Detecting LDAP enumeration and Bloodhound's Sharphound collector using AD Decoys | by Madhukar Raina | Securonix Tech Blog | Medium

Incident Response: Windows Account Management Event (Part 1) - Hacking Articles

process - what service creates windows security auditing event 4798 in Win 10 - Super User

1104(S) The security log is now full. | Microsoft Learn

Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium

Lateral Movement

Samir on Twitter: "the cool thing about those 2 newly introduced MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below

EventList – the Baseline Event Analyzer | miriamxyra

Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x

Threat Hunting Using Windows Security Log - Security Investigation

First Steps After Compromise: Enumerating Active Directory - risk3sixty

SIEM - Security information and event management — Zercurity 1.6.0 (41f38f0) documentation

PowerView: Active Directory Enumeration - Red Team Notes

4725(S) A user account was disabled. | Microsoft Learn

I-SECURE CO., LTD. - 🔥 Windows Event Log analysis recipes for Threat Hunters and Incident Responders 🔥 | Facebook

A Little Guide to SMB Enumeration - Hacking Articles

Windows admin 101 – Adding a local administrator account from the command line – PwnDefend