details on ad

Cryptography/Active Directory/AD Enumeration.md

@@ -114,6 +114,18 @@ bloodhound --no-sandbox
 
 ## PowerView 
 
+Registered Machines in the domain
+
+```sh
+Get-NetComputer | select "name"
+```
+
+When the computers were added to the domain
+
+```sh
+Get-ADComputer -filter * -properties whencreated | Select Name,@{n="Owner";e={(Get-acl "ad:\$($_.distinguishedname)").owner}},whencreated
+```
+
 ## WMI
 
 ## Find Certifications and Private Keys

Forensics/Windows Event Logs.md

@@ -21,12 +21,17 @@ evtx_dump -o json $EVENT_LOG > event.log
 
 ### Account Management
 
+* **4719**: Attempt to change a policy
 * **4720**: User account creation
 * **4722**: User account enabled
 * **4723**: Attempt to change an account password. The user attempts to change their password
 * **4724**: Attempt to reset the account password. The user attempts to reset the password of another account
 * **4725**: Account disable
 * **4726**: Account removal
+* **4728**: Attempt to add an account to a global security group
+* **4729**: Attempt to remove an account from a global security group
+* **4756**: Attempt to add an account to a universal security group
+* **4757**: Attempt to remove an account from a universal security group
 
 ### Account Logon