Links.txt
Security Onion Documentation
https://docs.securityonion.net
Configure Windows Event collection
https://learn.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection
Steal or Forge Kerberos Tickets: Kerberoasting
https://attack.mitre.org/techniques/T1558/003/
Event ID 4611 (often generated by mimikatz): A trusted logon process has been registered with the Local Security Authority.
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4611
Event ID 4673 (often generated by mimikatz): logged when the tool tries to assign itself missing permissions.
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4673
4662(S, F): An operation was performed on an object
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4662#security-monitoring-recommendations
Security assessment: Unsecure SID History attributes
https://learn.microsoft.com/en-us/defender-for-identity/security-assessment-unsecure-sid-history-attribute
4625(F): An account failed to log on
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625
Brute Force
https://attack.mitre.org/techniques/T1110/
4740(S): A user account was locked out
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4740