Skip to main content
Link
Menu
Expand
(external link)
Document
Search
Copy
Copied
Research Space
Threat Hunting
Pass-the-Hash via Mimikatz Remote Logon [T1550.002]
Windows Event Logging
Process Creation Auditing
Active Directory Attempts to access ntds.dit
Active Directory Network shares Access
Security Solution
Splunk: Alert Management
QRadar: Windows Event Logs Forwarding
Red Team Assessment
Active Directory Logons and Session
Kerberos
Detection Pipeline
Splunk: Sigma Rule pipeline for Windows Event Logs
Incidence Response
Incidence Evidence collection and analysis
Table of contents
Process Creation Auditing
Active Directory Attempts to access ntds.dit
Active Directory Network shares Access