Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team - Introduction
Tags
Common Information
| Type | Value |
|---|---|
| UUID | c32f83fd-2b04-4e1c-b0e4-0be03f28db1a |
| Fingerprint | 827761d767ec0b6b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 13, 2023, noon |
| Added to db | Aug. 30, 2024, 11:51 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team – Introduction |
| Title | Kerberos OPSEC: Offense & Detection Strategies for Red and Blue Team - Introduction |
| Detected Hints/Tags/Attributes | 93/1/426 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.intrinsec.com/kerberos_opsec_introduction/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 322 | ✔ | Cybersécurité – INTRINSEC | https://www.intrinsec.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | beta.hackndo.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 1 | synologydrive.app |
|
| Details | Domain | 18 | windowsupdate.microsoft.com |
|
| Details | Domain | 8 | windowsupdate.com |
|
| Details | Domain | 1 | wustat.windows.com |
|
| Details | Domain | 64 | go.microsoft.com |
|
| Details | Domain | 21 | update.microsoft.com |
|
| Details | Domain | 18 | download.microsoft.com |
|
| Details | Domain | 1 | microsoft.com.akadns.net |
|
| Details | Domain | 1 | microsoft.com.nsatc.net |
|
| Details | Domain | 1 | microsoft.identity.aadconnect.health.aadsync.host |
|
| Details | Domain | 67 | microsoft.windows |
|
| Details | Domain | 1 | 1rx.io |
|
| Details | Domain | 2 | 2mdn.net |
|
| Details | Domain | 2 | adadvisor.net |
|
| Details | Domain | 2 | adap.tv |
|
| Details | Domain | 2 | addthis.com |
|
| Details | Domain | 1 | adform.net |
|
| Details | Domain | 4 | adnxs.com |
|
| Details | Domain | 3 | adroll.com |
|
| Details | Domain | 1 | adrta.com |
|
| Details | Domain | 1 | adsafeprotected.com |
|
| Details | Domain | 1 | adsrvr.org |
|
| Details | Domain | 2 | advertising.com |
|
| Details | Domain | 2 | amazon-adsystem.com |
|
| Details | Domain | 1 | analytics.yahoo.com |
|
| Details | Domain | 158 | aol.com |
|
| Details | Domain | 2 | betrad.com |
|
| Details | Domain | 1 | bidswitch.net |
|
| Details | Domain | 1 | casalemedia.com |
|
| Details | Domain | 1 | chartbeat.net |
|
| Details | Domain | 27 | cnn.com |
|
| Details | Domain | 1 | convertro.com |
|
| Details | Domain | 1 | criteo.com |
|
| Details | Domain | 1 | criteo.net |
|
| Details | Domain | 1 | crwdcntrl.net |
|
| Details | Domain | 3 | demdex.net |
|
| Details | Domain | 2 | domdex.com |
|
| Details | Domain | 1 | dotomi.com |
|
| Details | Domain | 41 | doubleclick.net |
|
| Details | Domain | 1 | doubleverify.com |
|
| Details | Domain | 1 | emxdgt.com |
|
| Details | Domain | 1 | exelator.com |
|
| Details | Domain | 15 | google-analytics.com |
|
| Details | Domain | 5 | googleadservices.com |
|
| Details | Domain | 6 | googlesyndication.com |
|
| Details | Domain | 7 | googletagmanager.com |
|
| Details | Domain | 6 | googlevideo.com |
|
| Details | Domain | 8 | gstatic.com |
|
| Details | Domain | 3 | gvt1.com |
|
| Details | Domain | 1 | gvt2.com |
|
| Details | Domain | 1 | ib-ibi.com |
|
| Details | Domain | 1 | jivox.com |
|
| Details | Domain | 1 | mathtag.com |
|
| Details | Domain | 2 | moatads.com |
|
| Details | Domain | 1 | moatpixel.com |
|
| Details | Domain | 1 | mookie1.com |
|
| Details | Domain | 1 | myvisualiq.net |
|
| Details | Domain | 1 | netmng.com |
|
| Details | Domain | 1 | nexac.com |
|
| Details | Domain | 2 | openx.net |
|
| Details | Domain | 1 | optimizely.com |
|
| Details | Domain | 2 | outbrain.com |
|
| Details | Domain | 1 | pardot.com |
|
| Details | Domain | 9 | pinterest.com |
|
| Details | Domain | 1 | pubmatic.com |
|
| Details | Domain | 1 | quantcount.com |
|
| Details | Domain | 1 | quantserve.com |
|
| Details | Domain | 1 | revsci.net |
|
| Details | Domain | 1 | rfihub.net |
|
| Details | Domain | 1 | rlcdn.com |
|
| Details | Domain | 1 | rubiconproject.com |
|
| Details | Domain | 1 | scdn.co |
|
| Details | Domain | 6 | scorecardresearch.com |
|
| Details | Domain | 3 | serving-sys.com |
|
| Details | Domain | 1 | sharethrough.com |
|
| Details | Domain | 2 | simpli.fi |
|
| Details | Domain | 1 | sitescout.com |
|
| Details | Domain | 1 | smartadserver.com |
|
| Details | Domain | 1 | snapads.com |
|
| Details | Domain | 4 | spotxchange.com |
|
| Details | Domain | 2 | taboola.com |
|
| Details | Domain | 1 | taboola.map.fastly.net |
|
| Details | Domain | 1 | tapad.com |
|
| Details | Domain | 2 | tidaltv.com |
|
| Details | Domain | 4 | trafficmanager.net |
|
| Details | Domain | 1 | tremorhub.com |
|
| Details | Domain | 4 | tribalfusion.com |
|
| Details | Domain | 3 | turn.com |
|
| Details | Domain | 2 | twimg.com |
|
| Details | Domain | 1 | tynt.com |
|
| Details | Domain | 1 | w55c.net |
|
| Details | Domain | 28 | ytimg.com |
|
| Details | Domain | 1 | zorosrv.com |
|
| Details | Domain | 6 | adservice.google.com |
|
| Details | Domain | 1 | ampcid.google.com |
|
| Details | Domain | 4 | clientservices.googleapis.com |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 2 | imasdk.googleapis.com |
|
| Details | Domain | 2 | ml314.com |
|
| Details | Domain | 1 | mtalk.google.com |
|
| Details | Domain | 2 | update.googleapis.com |
|
| Details | Domain | 5 | www.googletagservices.com |
|
| Details | Domain | 3 | mozaws.net |
|
| Details | Domain | 6 | mozilla.com |
|
| Details | Domain | 5 | mozilla.net |
|
| Details | Domain | 22 | mozilla.org |
|
| Details | Domain | 3 | clients1.google.com |
|
| Details | Domain | 6 | clients2.google.com |
|
| Details | Domain | 4 | clients3.google.com |
|
| Details | Domain | 7 | clients4.google.com |
|
| Details | Domain | 4 | clients5.google.com |
|
| Details | Domain | 3 | clients6.google.com |
|
| Details | Domain | 5 | safebrowsing.googleapis.com |
|
| Details | Domain | 6 | akadns.net |
|
| Details | Domain | 25 | netflix.com |
|
| Details | Domain | 2 | aspnetcdn.com |
|
| Details | Domain | 20 | ajax.googleapis.com |
|
| Details | Domain | 26 | cdnjs.cloudflare.com |
|
| Details | Domain | 18 | fonts.googleapis.com |
|
| Details | Domain | 1 | typekit.net |
|
| Details | Domain | 1 | stackassets.com |
|
| Details | Domain | 1 | steamcontent.com |
|
| Details | Domain | 2 | msftncsi.com |
|
| Details | Domain | 1 | logitech.com |
|
| Details | Domain | 1 | pushp.svc.ms |
|
| Details | Domain | 1 | b-msedge.net |
|
| Details | Domain | 94 | bing.com |
|
| Details | Domain | 179 | hotmail.com |
|
| Details | Domain | 55 | live.com |
|
| Details | Domain | 2 | live.net |
|
| Details | Domain | 6 | s-microsoft.com |
|
| Details | Domain | 368 | microsoft.com |
|
| Details | Domain | 6 | microsoftonline.com |
|
| Details | Domain | 1 | microsoftstore.com |
|
| Details | Domain | 1 | ms-acdc.office.com |
|
| Details | Domain | 2 | msedge.net |
|
| Details | Domain | 51 | msn.com |
|
| Details | Domain | 1 | msocdn.com |
|
| Details | Domain | 12 | skype.com |
|
| Details | Domain | 1 | skype.net |
|
| Details | Domain | 7 | windows.com |
|
| Details | Domain | 1 | windows.net.nsatc.net |
|
| Details | Domain | 2 | xboxlive.com |
|
| Details | Domain | 6 | login.windows.net |
|
| Details | Domain | 12 | outlook.office.com |
|
| Details | Domain | 1 | statics.teams.cdn.office.net |
|
| Details | Domain | 1 | acdc-direct.office.com |
|
| Details | Domain | 1 | fp.measure.office.com |
|
| Details | Domain | 6 | office365.com |
|
| Details | Domain | 1 | activedirectory.windowsazure.com |
|
| Details | Domain | 1 | aria.microsoft.com |
|
| Details | Domain | 2 | msauth.net |
|
| Details | Domain | 1 | msftauth.net |
|
| Details | Domain | 2 | opinsights.azure.com |
|
| Details | Domain | 12 | management.azure.com |
|
| Details | Domain | 26 | outlook.office365.com |
|
| Details | Domain | 27 | portal.azure.com |
|
| Details | Domain | 3 | substrate.office.com |
|
| Details | Domain | 1 | osi.office.net |
|
| Details | Domain | 12 | digicert.com |
|
| Details | Domain | 3 | globalsign.com |
|
| Details | Domain | 1 | globalsign.net |
|
| Details | Domain | 1 | msocsp.com |
|
| Details | Domain | 1 | ocsp.msocsp.com |
|
| Details | Domain | 5 | pki.goog |
|
| Details | Domain | 1 | ocsp.godaddy.com |
|
| Details | Domain | 1 | amazontrust.com |
|
| Details | Domain | 1 | ocsp.sectigo.com |
|
| Details | Domain | 1 | usertrust.com |
|
| Details | Domain | 6 | ocsp.comodoca.com |
|
| Details | Domain | 4 | ocsp.verisign.com |
|
| Details | Domain | 2 | ocsp.entrust.net |
|
| Details | Domain | 1 | ocsp.identrust.com |
|
| Details | Domain | 1 | status.rapidssl.com |
|
| Details | Domain | 1 | status.thawte.com |
|
| Details | Domain | 2 | ocsp.int-x3.letsencrypt.org |
|
| Details | Domain | 1 | subca.ocsp-certum.com |
|
| Details | Domain | 1 | cscasha2.ocsp-certum.com |
|
| Details | Domain | 2 | crl.verisign.com |
|
| Details | Domain | 8 | spotify.com |
|
| Details | Domain | 1 | spotify.map.fastly.net |
|
| Details | Domain | 1 | microsoft.windows.search |
|
| Details | File | 81 | werfault.exe |
|
| Details | File | 34 | acrord32.exe |
|
| Details | File | 3 | acrocef.exe |
|
| Details | File | 15 | agsservice.exe |
|
| Details | File | 6 | rdrcef.exe |
|
| Details | File | 2 | logtransport2.exe |
|
| Details | File | 6 | cloud.exe |
|
| Details | File | 9 | ccxprocess.exe |
|
| Details | File | 5 | coresync.exe |
|
| Details | File | 3 | c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe |
|
| Details | File | 42 | adobearm.exe |
|
| Details | File | 38 | armsvc.exe |
|
| Details | File | 6 | adobecollabsync.exe |
|
| Details | File | 31 | helper.exe |
|
| Details | File | 1 | adobegcclient.exe |
|
| Details | File | 1 | adobe_licutil.exe |
|
| Details | File | 12 | updaterstartuputility.exe |
|
| Details | File | 1 | c:\program files\microsoft monitoring agent\agent\monitoringhost.exe |
|
| Details | File | 5 | c:\windows\system32\cscript.exe |
|
| Details | File | 1 | monitorknowledgediscovery.vbs |
|
| Details | File | 3 | vpnagent.exe |
|
| Details | File | 10 | ngen.exe |
|
| Details | File | 41 | mscorsvw.exe |
|
| Details | File | 27 | presentationfontcache.exe |
|
| Details | File | 5 | ngentask.exe |
|
| Details | File | 4 | c:\program files\realtek\audio\hda\rtkaudioservice64.exe |
|
| Details | File | 6 | dropboxupdate.exe |
|
| Details | File | 1 | c:\program files\eset\eset nod32 antivirus\ekrn.exe |
|
| Details | File | 271 | chrome.exe |
|
| Details | File | 52 | c:\program files\google\chrome\application\chrome.exe |
|
| Details | File | 1 | pfwsmgr.exe |
|
| Details | File | 1 | respesvc64.exe |
|
| Details | File | 1 | c:\program files\res software\workspace manager\respesvc.exe |
|
| Details | File | 1 | c:\program files\ivanti\workspace control\respesvc.exe |
|
| Details | File | 7 | c:\program files\malwarebytes\anti-malware\mbam.exe |
|
| Details | File | 46 | c:\program files\malwarebytes\anti-malware\mbamservice.exe |
|
| Details | File | 39 | c:\program files\malwarebytes\anti-malware\mbamtray.exe |
|
| Details | File | 29 | c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe |
|
| Details | File | 29 | c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe |
|
| Details | File | 1 | msosync.exe |
|
| Details | File | 3 | c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe |
|
| Details | File | 4 | c:\program files\mozilla firefox\plugin-container.exe |
|
| Details | File | 4 | plugin-container.exe |
|
| Details | File | 14 | filecoauth.exe |
|
| Details | File | 4 | swi_service.exe |
|
| Details | File | 4 | swc_service.exe |
|
| Details | File | 3 | ssp.exe |
|
| Details | File | 3 | routernt.exe |
|
| Details | File | 12 | alsvc.exe |
|
| Details | File | 19 | savadminservice.exe |
|
| Details | File | 4 | managementagentnt.exe |
|
| Details | File | 1 | c:\program files\splunk\bin\splunkd.exe |
|
| Details | File | 1 | c:\program files\splunk\bin\splunk.exe |
|
| Details | File | 1 | d:\program files\splunk\bin\splunkd.exe |
|
| Details | File | 1 | d:\program files\splunk\bin\splunk.exe |
|
| Details | File | 1 | c:\program files\splunkuniversalforwarder\bin\splunkd.exe |
|
| Details | File | 1 | c:\program files\splunkuniversalforwarder\bin\splunk.exe |
|
| Details | File | 1 | d:\program files\splunkuniversalforwarder\bin\splunkd.exe |
|
| Details | File | 1 | d:\program files\splunkuniversalforwarder\bin\splunk.exe |
|
| Details | File | 92 | c:\windows\system32\svchost.exe |
|
| Details | File | 1 | c:\program files\trend micro\deep security agent\ds_monitor.exe |
|
| Details | File | 1 | c:\program files\trend micro\deep security agent\dsa.exe |
|
| Details | File | 1 | c:\program files\trend micro\deep security agent\dsuam.exe |
|
| Details | File | 1 | c:\program files\trend micro\deep security agent\notifier.exe |
|
| Details | File | 1 | c:\program files\trend micro\deep security agent\lib\patch.exe |
|
| Details | File | 11 | tmbmsrv.exe |
|
| Details | File | 1 | tmopextins32.exe |
|
| Details | File | 1 | tmextins.exe |
|
| Details | File | 16 | tmlisten.exe |
|
| Details | File | 6 | c:\windows\system32\mpsigstub.exe |
|
| Details | File | 1 | c:\program files\microsoft security client\mpcmdrun.exe |
|
| Details | File | 85 | c:\windows\system32\dllhost.exe |
|
| Details | File | 6 | c:\windows\system32\searchindexer.exe |
|
| Details | File | 5 | c:\windows\system32\compattelrunner.exe |
|
| Details | File | 12 | c:\windows\system32\musnotification.exe |
|
| Details | File | 1 | c:\windows\system32\musnotificationux.exe |
|
| Details | File | 1 | c:\windows\system32\audiodg.exe |
|
| Details | File | 20 | c:\windows\system32\conhost.exe |
|
| Details | File | 1 | c:\windows\system32\powercfg.exe |
|
| Details | File | 1 | c:\windows\system32\wbem\wmiapsrv.exe |
|
| Details | File | 4 | c:\windows\system32\wermgr.exe |
|
| Details | File | 2 | c:\windows\syswow64\wermgr.exe |
|
| Details | File | 3 | c:\windows\system32\sppsvc.exe |
|
| Details | File | 165 | csrss.exe |
|
| Details | File | 49 | onedrive.exe |
|
| Details | File | 5 | slack.exe |
|
| Details | File | 19 | teams.exe |
|
| Details | File | 11 | dropbox.exe |
|
| Details | File | 4 | winlogbeat.exe |
|
| Details | File | 1 | packetbeat.exe |
|
| Details | File | 9 | onedrivestandaloneupdater.exe |
|
| Details | File | 1 | owncloud.exe |
|
| Details | File | 1 | c:\program files\palo alto networks\traps\cyserver.exe |
|
| Details | File | 1 | c:\program files\sophos\sophos network threat protection\bin\sntpservice.exe |
|
| Details | File | 35 | spotify.exe |
|
| Details | File | 1 | cloud-drive-ui.exe |
|
| Details | File | 1 | cloud-drive-daemon.exe |
|
| Details | File | 62 | scrobj.dll |
|
| Details | File | 3 | vstoinstaller.exe |
|
| Details | File | 1 | filesynctelemetryextensions.dll |
|
| Details | File | 1 | filecoauthlib.dll |
|
| Details | File | 1 | onedrivetelemetrystable.dll |
|
| Details | File | 69 | vcruntime140.dll |
|
| Details | File | 2 | updateringsettings.dll |
|
| Details | File | 4 | loggingplatform.dll |
|
| Details | File | 6 | c:\windows\system32\wininit.exe |
|
| Details | File | 9 | c:\windows\system32\csrss.exe |
|
| Details | File | 23 | c:\windows\system32\services.exe |
|
| Details | File | 11 | c:\windows\system32\winlogon.exe |
|
| Details | File | 7 | c:\windows\system32\dwm.exe |
|
| Details | File | 14 | c:\windows\system32\wbem\wmiprvse.exe |
|
| Details | File | 5 | c:\program files\adobe\adobe creative cloud experience\libs\node.exe |
|
| Details | File | 14 | agmservice.exe |
|
| Details | File | 14 | acrobat.exe |
|
| Details | File | 4 | adobearmhelper.exe |
|
| Details | File | 1 | c:\program files\adobe\adobe photoshop 2021\photoshop.exe |
|
| Details | File | 1 | c:\windows\carbonblack\cb.exe |
|
| Details | File | 11 | sfc.exe |
|
| Details | File | 2 | receiver.exe |
|
| Details | File | 1 | c:\program files\couchbase\server\bin\sigar_port.exe |
|
| Details | File | 5 | xagt.exe |
|
| Details | File | 1 | cpushld.exe |
|
| Details | File | 1 | c:\program files\ivanti\workspace control\cpushld.exe |
|
| Details | File | 1 | c:\program files\res software\workspace manager\cpushld.exe |
|
| Details | File | 142 | wmiprvse.exe |
|
| Details | File | 105 | googleupdate.exe |
|
| Details | File | 1 | ltsvc.exe |
|
| Details | File | 117 | taskmgr.exe |
|
| Details | File | 42 | vboxservice.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 1 | wfshell.exe |
|
| Details | File | 3 | c:\windows\system32\lsm.exe |
|
| Details | File | 20 | host.exe |
|
| Details | File | 1 | c:\program files\mcafee\endpoint security\endpoint security platform\mfeesp.exe |
|
| Details | File | 1 | c:\program files\mcafee\agent\x86\macompatsvc.exe |
|
| Details | File | 70 | onedrivesetup.exe |
|
| Details | File | 22 | c:\program files\microsoft office\root\office16\outlook.exe |
|
| Details | File | 2 | c:\program files\powertoys\modules\keyboardmanager\keyboardmanagerengine\powertoys.key |
|
| Details | File | 2 | boardmanagerengine.exe |
|
| Details | File | 1 | c:\program files\microsoft security client\msmpeng.exe |
|
| Details | File | 7 | c:\program files\windows defender\msmpeng.exe |
|
| Details | File | 198 | msmpeng.exe |
|
| Details | File | 1 | mobaxterm.exe |
|
| Details | File | 1 | c:\program files\qualys\qualysagent\qualysagent.exe |
|
| Details | File | 6 | rzsdkservice.exe |
|
| Details | File | 1 | c:\windows\ccm\ccmexec.exe |
|
| Details | File | 7 | vmware-authd.exe |
|
| Details | File | 2 | c:\program files\winzip\fahwindow64.exe |
|
| Details | File | 1 | invcolpc.exe |
|
| Details | File | 9 | c:\windows\system32\igfxcuiservice.exe |
|
| Details | File | 6 | c:\windows\system32\smss.exe |
|
| Details | File | 3 | c:\windows\system32\wbem\wmiadap.exe |
|
| Details | File | 173 | outlook.exe |
|
| Details | File | 1 | outlook.xml |
|
| Details | File | 1 | c:\windows\system32\provtool.exe |
|
| Details | File | 1 | aciseposture.exe |
|
| Details | File | 1 | c:\program files\cylance\optics\cyoptics.exe |
|
| Details | File | 1 | c:\program files\cylance\desktop\cylancesvc.exe |
|
| Details | File | 1 | c:\program files\res software\workspace manager\pfwsmgr.exe |
|
| Details | File | 1 | c:\program files\mcafee\endpoint encryption agent\mfeepehost.exe |
|
| Details | File | 1 | c:\program files\mcafee\endpoint security\adaptive threat protection\mfeatp.exe |
|
| Details | File | 1 | c:\program files\common files\mcafee\engine\amcoreupdater\amupdate.exe |
|
| Details | File | 1 | c:\program files\mcafee\agent\masvc.exe |
|
| Details | File | 1 | c:\program files\mcafee\agent\x86\mfemactl.exe |
|
| Details | File | 1 | c:\program files\mcafee\agent\x86\mcscript_inuse.exe |
|
| Details | File | 1 | c:\program files\mcafee\endpoint security\threat prevention\mfeensppl.exe |
|
| Details | File | 1 | c:\program files\common files\mcafee\avsolution\mcshield.exe |
|
| Details | File | 1 | c:\program files\owncloud\owncloud.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 8 | c:\program files\vmware\vmware tools\vmtoolsd.exe |
|
| Details | File | 20 | wrsa.exe |
|
| Details | File | 1 | c:\program files\widcomm\bluetooth software\btwdins.exe |
|
| Details | File | 1 | integrator.exe |
|
| Details | File | 4 | c:\windows\system32\backgroundtaskhost.exe |
|
| Details | File | 7 | searchui.exe |
|
| Details | File | 1 | c:\program files\microsoft application virtualization\client\appvclient.exe |
|
| Details | File | 29 | c:\windows\system32\lsass.exe |
|
| Details | File | 27 | node.exe |
|
| Details | File | 13 | manager.exe |
|
| Details | File | 2 | selfservice.exe |
|
| Details | File | 2 | wfcrun32.exe |
|
| Details | File | 2 | concentr.exe |
|
| Details | File | 208 | setup.exe |
|
| Details | File | 61 | chrmstp.exe |
|
| Details | File | 128 | msedge.exe |
|
| Details | File | 199 | firefox.exe |
|
| Details | File | 1 | dtexec.exe |
|
| Details | File | 14 | postgres.exe |
|
| Details | File | 4 | engine.exe |
|
| Details | File | 4 | qualysagent.exe |
|
| Details | File | 4 | splunkd.exe |
|
| Details | File | 5 | splunk.exe |
|
| Details | File | 1 | splunk-monitornohandle.exe |
|
| Details | File | 1 | ofccmagent.exe |
|
| Details | File | 1 | ofcservice.exe |
|
| Details | File | 1 | dbserver.exe |
|
| Details | File | 1 | verconn.exe |
|
| Details | File | 1 | cgionclose.exe |
|
| Details | File | 1 | cgirqhotfix.exe |
|
| Details | File | 1 | lwcsservice.exe |
|
| Details | File | 1 | icrcservice.exe |
|
| Details | File | 2 | tsc.exe |
|
| Details | File | 1 | tsc64.exe |
|
| Details | File | 1 | osceintegrationservice.exe |
|
| Details | File | 1 | ofclogreceiversvc.exe |
|
| Details | File | 8 | c:\windows\system32\inetsrv\w3wp.exe |
|
| Details | File | 1 | c:\programdata\logishrd\logioptions\software\current\updater.exe |
|
| Details | File | 38 | c:\program files\windows defender advanced threat protection\mssense.exe |
|
| Details | File | 7 | sentinelagent.exe |
|
| Details | File | 12 | searchapp.exe |
|
| Details | File | 10 | software_reporter_tool.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 47 | c:\program files\mozilla firefox\firefox.exe |
|
| Details | File | 1 | c:\program files\mozilla firefox\updater.exe |
|
| Details | File | 38 | c:\program files\mozilla firefox\default-browser-agent.exe |
|
| Details | File | 1 | c:\program files\mozilla firefox\pingsender.exe |
|
| Details | File | 1 | c:\program files\git\cmd\git.exe |
|
| Details | File | 1 | c:\program files\git\mingw64\bin\git.exe |
|
| Details | File | 1 | c:\program files\git\mingw64\libexec\git-core\git.exe |
|
| Details | File | 1 | ie_to_edge_stub.exe |
|
| Details | File | 6 | identity_helper.exe |
|
| Details | File | 3 | c:\program files\microsoft vs code\code.exe |
|
| Details | Github username | 6 | olafhartong |
|
| Details | MITRE ATT&CK Techniques | 29 | T1137 |
|
| Details | Url | 1 | https://beta.hackndo.com/kerberos/. |
|
| Details | Url | 1 | https://github.com/olafhartong/sysmon-modular/wiki |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\ServicesNTDS\Diagnostics |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\ServicesNT\Parameters |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |
|
| Details | Windows Registry Key | 1 | HKLM\System\CurrentControlSet\Services\Tcpip\Parameters |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\Start |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers |
|
| Details | Windows Registry Key | 1 | HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates |
|
| Details | Windows Registry Key | 8 | HKLM\System\CurrentControlSet\Services |