Windows Logons

This module covers Windows logon basics. By the end you will understand:

  • basic Windows authentication artifacts
  • how to differentiate between local and domain logons
  • how to hunt for some common credential access and lateral movement techniques

Windows logon events are crucial for investigating a potential compromise. In an incident investigation they help us answer important questions like:

  • Which credentials could the attacker have compromised?
  • Which systems did the attacker access?
  • Which lateral movement technique did the attacker use?
  • What data could the attacker have compromised?

The events in your SIEM can be found in the following timespan: 11 Dec 2022 - 17 Dec 2022.
