Tag: Event log
January 20, 2023
Four Challenges with Monitoring Active Directory Security
With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity.
Many organizations turn to security information and event management (SIEM) products for...
December 20, 2022
Event Log Monitoring and Log Audit Software Basics
Event logs can help you spot and troubleshoot security events so you can protect your systems and data. However, log records can be hard to read, and logs are often so noisy that you have to sift through pages of events to identify critical events and potential threats.
Read on to learn...
November 30, 2021
Performing Pass-the-Hash Attacks with Mimikatz
Mimikatz has become the standard tool for extracting passwords and hashes from memory, performing pass-the-hash attacks, and creating domain persistence through Golden Tickets. Let’s take a look at how easy Mimikatz makes it to perform pass-the-hash and other authentication-based attacks, and...
November 30, 2021
How to Detect Pass-the-Hash Attacks
Attackers frequently rely on lateral movement techniques to infiltrate corporate networks and obtain privileged access to credentials and data. In particular, one common technique is pass-the-hash: Hackers use stolen password hashes to authenticate as a user without ever having the user's...
April 28, 2021
SIEM vs Log Management
It now takes organizations 207 days to identify and 73 days to contain security breaches, according to IBM's 2020 Cost of a Data Breach Report. That means the average "lifecycle" of an incident is a staggering 280 days — 7 months!
Moreover, cybercrimes are becoming increasingly sophisticated...
January 15, 2016
How to Get User Logon Session Times from the Event Log
If you’re a knowledge worker, to be productive in a work environment, you’re probably going to need a user account. And you’re probably going to need to actually use this user account to log in to your office and mobile devices. If you don’t, you’re probably not going to be working at that...
November 6, 2015
Windows Event Log Forwarding in Windows Server 2008
I love Active Directory auditing. I love it because with just a couple clicks of the mouse I can easily create a policy that immediately gets applied to 500 servers that begins recording useful information on about everything that goes on involving those servers. What I hate about AD auditing is...
September 22, 2015
Tracking Malicious Windows Server Events with PowerShell
Windows servers can potentially generate thousands—or even hundreds of thousands—of events daily. Most are created from perfectly safe events that system administrators use to get a glimpse of what’s going on. An event might be generated to indicate a disk is running out of free space, an...
July 16, 2015
Easy Event Log Querying with PowerShell
If you’re using any kind of native Active Directory (AD) auditing today you probably love the information it generates in the security event log. Native AD auditing is awesome about generating loads of useful information as to what happened and when. The problem arises when you actually want to...
April 29, 2015
Advanced Event Log Filtering Using PowerShell
In a previous blog post, Monitoring Event Logs with PowerShell, I showed you how to use Get-WinEvent to perform basic event log monitoring using PowerShell. In this article, I want to demonstrate how Get-WinEvent can be used to run more complex queries using the –FilterHashtable...