If you get a chance you may briefly look at old articles related to this topic as I will be briefly referencing them or quickly summarizing portions of my configuration….
Month: July 2018
Tracking & Monitoring Domain Admins with Logstash
Whether your environment was compromised and someone got a hold of your Domain Admin account, or you’re just ensuring that domain admins are logging in to expected systems, it is…
Generate Windows Services Report
This script was designed to inventory the running services in your infrastructure. It requires a c:\temp\servers.txt file to be created and populated with server names; it will then query the…
Check IIS Health (Services, Site, AppPool Statuses)
This is a simple script that will query the Windows Services for the status of the required IIS services (IISADMIN, WAS, W3SVC) and also output the status of your IIS…
Threat Hunting: Finding Persistence Mechanisms
I wanted to write about the importance of checking for new services as this is an avenue in which attackers leverage their persistence methods. While looking at newly created services…
Remote Connection Dashboards: VNC & RDP
Accountability is important, and sometimes we might need to investigate who made certain changes at a specific time, or ensure that our privileged accounts are not logging in to other…