whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

details on ad

This commit is contained in:
gurkenhabicht 2023-11-14 20:36:49 +01:00
parent fd69c5c90b
commit a3e5859f60
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Cryptography/Active Directory/AD Enumeration.md
View File

@ -114,6 +114,18 @@ bloodhound --no-sandbox
## PowerView ## PowerView
Registered Machines in the domain
```sh
Get-NetComputer | select "name"
```
When the computers were added to the domain
```sh
Get-ADComputer -filter * -properties whencreated | Select Name,@{n="Owner";e={(Get-acl "ad:\$($_.distinguishedname)").owner}},whencreated
```
## WMI ## WMI
## Find Certifications and Private Keys ## Find Certifications and Private Keys

5
Forensics/Windows Event Logs.md
View File

@ -21,12 +21,17 @@ evtx_dump -o json $EVENT_LOG > event.log
### Account Management ### Account Management
* **4719**: Attempt to change a policy
* **4720**: User account creation * **4720**: User account creation
* **4722**: User account enabled * **4722**: User account enabled
* **4723**: Attempt to change an account password. The user attempts to change their password * **4723**: Attempt to change an account password. The user attempts to change their password
* **4724**: Attempt to reset the account password. The user attempts to reset the password of another account * **4724**: Attempt to reset the account password. The user attempts to reset the password of another account
* **4725**: Account disable * **4725**: Account disable
* **4726**: Account removal * **4726**: Account removal
* **4728**: Attempt to add an account to a global security group
* **4729**: Attempt to remove an account from a global security group
* **4756**: Attempt to add an account to a universal security group
* **4757**: Attempt to remove an account from a universal security group
### Account Logon ### Account Logon