One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624

Search …

Platform
Services
Company
Resources
Login

Your cart is currently empty!

Book A Demo

Search …

Platform
Services
Company
Resources
Login

Tech Talk Tuesday / Leave a Comment / 1 minute of reading

One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624

Description

Windows event logs provide a fundamental source for host-based threat hunting. In this edition of #TechTalkTuesday, we explore one of the most powerful event IDs for finding popular nation-state and other hacking groups’ initial access and lateral movement techniques. We also talk about how to scale hunting through event logs with Elasticsearch and Kibana.

Post navigation

← Previous Post

PutDownYourDukes_HuntingForHackingGroups

Put Down Your Dukes: Hunting For Hacking Group APT 29/APT 37/APT 40’s Covert Data Exfiltration

Tech Talk Tuesday

Threat Hunting for No-Key-Theft-Required Attacks in Trusted Binaries [MITRE ATT&CK T1553.002]

Tech Talk Tuesday

UsingMITRE-ATTACK-ForEnterpriseAndATT_CK-ForICS-InIndustrialEnvironmentspng

Using MITRE ATT&CK for Enterprise and ATT&CK for ICS in Industrial Environments (ft Ron Fabela)

Tech Talk Tuesday

Leave a Comment Cancel Reply

Your email address will not be published. Required fields are marked *

Type here..

Name*

Email*

Website

Save my name, email, and website in this browser for the next time I comment.

How To Use FTK Imager To Take Disk And Memory Images For Free
IR Plan, Policy & Procedures Part 3: How To Write a Cybersecurity Incident Response Procedures
IR Plan, Policy & Procedures Part 2: How To Write a Cybersecurity Incident Response Policy

Be Notified of Future Posts

Share This Post

Contact Us
Blog
Store
My account

Scroll to Top

One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624

Description

Related Posts

Leave a Comment Cancel Reply