7MS #499: Desperately Seeking a Super SIEM for SMBs - Part 6
7 Minute Security, 16 December 2021

Today we have some cool updates on this SIEM-focused series we've been doing for a while. Specifically, I want to share that one of these solutions can now detect three early (and important!) warning signs that bad things are happening in your environment:

  • ASREPRoasting

  • WDigest flag getting flipped (reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1)

  • Restricted admin mode getting enabled (reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f) - see n00py's blog for more info
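As an added illustration (not from the episode and not the rule set of any SIEM it covers), this Python sketch matches the three signals above against already-parsed Windows events. It assumes the registry changes arrive as Sysmon Event ID 13 and the Kerberos requests as Security Event ID 4768, each as a dict; the hosts, accounts and addresses in the sample are constructed.

```python
import re

# Registry values named above -> (DWORD that signals trouble, alert label).
WATCHED = {
    r"\control\securityproviders\wdigest\uselogoncredential": (1, "WDigest UseLogonCredential enabled"),
    r"\control\lsa\disablerestrictedadmin": (0, "Restricted admin mode enabled"),
}

def parse_dword(details):
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return int or None."""
    m = re.search(r"DWORD \((0x[0-9a-fA-F]+)\)", details or "")
    return int(m.group(1), 16) if m else None

def check_event(ev):
    """Return an alert string for one parsed event, or None if benign."""
    if ev.get("EventID") == 13:  # Sysmon: registry value set
        key = ev.get("TargetObject", "").lower()
        value = parse_dword(ev.get("Details"))
        for suffix, (bad, label) in WATCHED.items():
            if key.endswith(suffix) and value == bad:
                return f"{label} on {ev['Computer']} by {ev['Image']}"
    elif ev.get("EventID") == 4768:  # Security: Kerberos TGT requested
        # PreAuthType 0 = TGT issued without Kerberos pre-authentication,
        # which is what an AS-REP roasting request looks like on the DC.
        if ev.get("PreAuthType") == "0" and ev.get("Status") == "0x0":
            return f"AS-REP without pre-auth for {ev['TargetUserName']} from {ev['IpAddress']}"
    return None

def scan(events):
    """Run check_event over an iterable and keep only the alerts."""
    return [alert for alert in map(check_event, events) if alert]

# Constructed sample events (hosts, accounts and addresses are made up).
REG = r"HKLM\System\CurrentControlSet\Control"
SAMPLE = [
    {"EventID": 13, "Computer": "WS01", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": REG + r"\SecurityProviders\WDigest\UseLogonCredential", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "WS02", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": REG + r"\SecurityProviders\WDigest\UseLogonCredential", "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Computer": "SRV01", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": REG + r"\Lsa\DisableRestrictedAdmin", "Details": "DWORD (0x00000000)"},
    {"EventID": 4768, "TargetUserName": "svc-legacy", "IpAddress": "::ffff:10.0.0.50",
     "PreAuthType": "0", "Status": "0x0"},
    {"EventID": 4768, "TargetUserName": "alice", "IpAddress": "::ffff:10.0.0.21",
     "PreAuthType": "2", "Status": "0x0"},
]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

Accounts that legitimately have pre-authentication disabled will also match the 4768 check, so it needs a baseline or allowlist before it is used for alerting.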
