Detecting Red Team Activity

WIP. This is meant to help blue team identify malicious activity.

Domain Enumeration

Bloodhound

Bloodhound is used to enumerate the domain. Depending on which flags are used, it can either be very loud and obvious, or subtle and harder to detect.

Powershell/Powerpick

ed. Generated on access attempts. This is a good way to look for admin access enumeration and lateral movement

Kerberos Attacks

Lateral Movement

Credential Abuse

PreviousKerberos

Last updated 4 years ago

Was this helpful?

hashtagDomain Enumeration

hashtagBloodhound

hashtagPowershell/Powerpick

hashtagDetecting Admin Share checks

hashtagKerberos Attacks

hashtagLateral Movement

hashtagCredential Abuse