Update README.md
parent 4084d21ade
commit 2ada8f70d4
|
@ -279,6 +279,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|
|||
|PYKEK MS14-068|4672: Admin Logon<br>4624: Account Logon<br>4768: Kerberos TGS Request|
|
||||
|Kerberoasting|4769: A Kerberos ticket was requested|
|
||||
|Lateral Movement|4688: A new process has been created<br>4689: A process has exited<br>4624: An account was successfully logged on<br>4625: An account failed to log on|
|
||||
|DNSAdmin|770: DNS Server plugin DLL has been loaded<br>541: The setting serverlevelplugindll on scope . has been set to `<dll path>`<br>150: DNS Server could not load or initialize the plug-in DLL|
|
||||
|DCSync|4662: An operation was performed on an object|
|
||||
|Password Spraying|4625: An account failed to log on<br>4771: Kerberos pre-authentication failed<br>4648: A logon was attempted using explicit credentials|
|
||||
|
||||
|
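Review bot: The DNSAdmin row lists 770, 541 and 150 without saying which log they are read from. Their descriptions show they are DNS Server events, unlike the Security-log 4xxx IDs in the neighbouring rows, so a reader who builds a collection or forwarding rule from this table and only subscribes to the Security log will never see them. Name the log channel for each of the three IDs in the cell. In the same hunk, the PYKEK MS14-068 row labels 4768 as "Kerberos TGS Request"; 4768 is the authentication ticket (TGT) request, and the service ticket request is 4769, which the Kerberoasting row already carries, so that label should be corrected while this table is being touched.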
@ -322,6 +323,7 @@ Advanced Threat Protection and Advanced Threat Analytics](https://www.blackhat.c
|
|||
* [Hunting for Gargoyle Memory Scanning Evasion](https://www.countercept.com/blog/hunting-for-gargoyle/)
|
||||
* [Planning and getting started on the Windows Defender Application Control deployment process](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
|
||||
* [How to Go from Responding to Hunting with Sysinternals Sysmon](https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow)
|
||||
* [Windows Event Forwarding Guidance](https://github.com/palantir/windows-event-forwarding)
|
||||
|
||||
## License
|
||||
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0)
|
||||
|
|
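Review bot: The Sysmon entry in this hunk points at a OneDrive viewer URL that carries a share token in the query string ("authkey=!AMvCRTKB_V1J5ow"). That link depends on one person's share staying active and will break without notice if the share is revoked or the file is moved; replace it with a stable copy of the deck if one exists, or note the talk title and author so the entry is still findable once the link dies. The License badge and its target in the trailing lines are still plain http:// URLs and can be switched to https://.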