
Detecting the Elusive - Active Directory Threat Hunting
Utilizing SIEM, SOAR, and EDR technologies to enhance security operations with a focus on reducing incident response time.
Detecting the Elusive Active Directory Threat Hunting
Detecting the Elusive Active Directory Threat Hunting is a detailed resource created by Sean Metcalf (@Pyrotek3). It offers valuable guidance on how to effectively conduct threat hunting within Active Directory environments.
The resource explores various topics related to security monitoring
The resource covers tracking command-line and PowerShell activity, detecting Kerberoasting, auditing attacker behavior, and monitoring command-line activity enterprise-wide. It also stresses logging the right types of data and correlating Event IDs with anomalous activity.
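As an added illustration of the Event ID correlation the resource recommends (this is example code, not material from the page or from Sean Metcalf), the following Python script scans Windows Security Event ID 4769 (Kerberos service ticket request) records for a Kerberoasting pattern: one account requesting many RC4-HMAC (Ticket Encryption Type 0x17) service tickets for distinct service names within a short window. The key=value log format, the sample records, the five-minute window and the threshold of three distinct services are all assumptions chosen for the example; the computer-account (name ending in "$") exclusion is a tuning choice, not a rule from the page.

```python
"""Kerberoasting detection over Event ID 4769 records (added example).

The simplified key=value lines below are constructed for this example; a real
SIEM would normalise the fields out of the Security event XML.
"""
from collections import defaultdict
from datetime import datetime, timedelta

TGS_REQUEST_EVENT = "4769"        # Kerberos service ticket (TGS) request
RC4_HMAC = "0x17"                 # Ticket Encryption Type: RC4-HMAC
WINDOW = timedelta(minutes=5)     # assumption: correlation window
DISTINCT_SPN_THRESHOLD = 3        # assumption: tune per environment

# Constructed sample log: one 4768 (TGT) line and AES (0x12) lines are present
# to show that the detector ignores them.
SAMPLE_LOG = """\
time=2024-05-01T09:00:01 id=4769 account=svc_backup@CORP.LOCAL service=FILE01$ enc=0x12 opts=0x40810000 ip=10.0.0.5
time=2024-05-01T09:00:02 id=4769 account=jdoe@CORP.LOCAL service=MSSQLSvc/db01 enc=0x17 opts=0x40810000 ip=10.0.0.23
time=2024-05-01T09:00:02 id=4769 account=jdoe@CORP.LOCAL service=http/web01 enc=0x17 opts=0x40810000 ip=10.0.0.23
time=2024-05-01T09:00:03 id=4769 account=jdoe@CORP.LOCAL service=svc_sql enc=0x17 opts=0x40810000 ip=10.0.0.23
time=2024-05-01T09:00:03 id=4769 account=jdoe@CORP.LOCAL service=svc_iis enc=0x17 opts=0x40810000 ip=10.0.0.23
time=2024-05-01T09:01:00 id=4769 account=asmith@CORP.LOCAL service=FILE02$ enc=0x12 opts=0x40810000 ip=10.0.0.40
time=2024-05-01T09:30:00 id=4769 account=legacyapp@CORP.LOCAL service=svc_legacy enc=0x17 opts=0x40810000 ip=10.0.0.77
time=2024-05-01T09:31:00 id=4768 account=jdoe@CORP.LOCAL service=krbtgt enc=0x12 opts=0x40810010 ip=10.0.0.23
"""


def parse_events(text):
    """Parse key=value lines into dicts, converting the timestamp to datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = dict(token.split("=", 1) for token in line.split())
        fields["time"] = datetime.fromisoformat(fields["time"])
        events.append(fields)
    return events


def find_kerberoasting(events, window=WINDOW, threshold=DISTINCT_SPN_THRESHOLD):
    """Return {account: sorted distinct RC4 service names} for every account that
    requested at least `threshold` distinct RC4-encrypted service tickets within
    a single `window`. Other event IDs and non-RC4 tickets are ignored."""
    by_account = defaultdict(list)
    for ev in events:
        if ev.get("id") != TGS_REQUEST_EVENT or ev.get("enc") != RC4_HMAC:
            continue
        if ev["service"].endswith("$"):
            # Tuning choice: computer accounts are not the usual Kerberoasting target.
            continue
        by_account[ev["account"]].append(ev)

    alerts = defaultdict(set)
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        # Sliding window: for each event, look back over events within `window`.
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            services = {e["service"] for e in evs[start:end + 1]}
            if len(services) >= threshold:
                alerts[account].update(services)
    return {account: sorted(svcs) for account, svcs in alerts.items()}


if __name__ == "__main__":
    for account, services in find_kerberoasting(parse_events(SAMPLE_LOG)).items():
        print(f"possible Kerberoasting by {account}: {', '.join(services)}")
```

In production the same logic would run over 4769 events exported from domain controllers, and the threshold and window would be tuned against a baseline of legitimate RC4 ticket requests (legacy applications that still request RC4, as the `legacyapp` line shows, are the usual false-positive source).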
The resource also introduces Microsoft Sysinternals
The resource also introduces Microsoft Sysinternals System Monitor (Sysmon), a tool for monitoring process activity, image loads, and network connections, and it calls out noteworthy Microsoft binaries that should be monitored for potential security threats.
Comprehensive Guide for Identifying and Mitigating Active Directory Threats
This resource serves as a comprehensive guide designed for security professionals and researchers. It aims to help them identify and mitigate threats related to Active Directory.