Research Space

Threat Hunting
- Pass-the-Hash via Mimikatz Remote Logon [T1550.002]
Windows Event Logging
Security Solution
- Splunk: Alert Management
- QRadar: Windows Event Logs Forwarding
Red Team Assessment
- Active Directory Logons and Session
- Kerberos
Detection Pipeline
- Splunk: Sigma Rule pipeline for Windows Event Logs
Incidence Response
- Incidence Evidence collection and analysis

This site uses Just the Docs, a documentation theme for Jekyll.

In Progress…