
Windows Logons


This module covers Windows logon basics. By the end you will understand:

  • basic Windows authentication artifacts
  • how to differentiate between local and domain logons
  • how to hunt for some common credential access and lateral movement techniques

Windows logon events are crucial for investigating a potential compromise. In an incident investigation they help us answer important questions like:

  • Which credentials could the attacker have compromised?
  • Which systems did the attacker access?
  • Which lateral movement technique did the attacker use?
  • What data could the attacker have compromised?

The events in your SIEM can be found in the following timespan: 11 Dec 2022 - 17 Dec 2022.
