Detecting Red Team Activity
WIP. This is meant to help the blue team identify malicious activity.
Domain Enumeration
BloodHound
BloodHound is used to enumerate the domain. Depending on which flags are used, it can be either very loud and obvious or subtle and harder to detect.
PowerShell/Powerpick
Detecting Admin Share checks
ed. Generated on access attempts. This is a good way to look for admin access enumeration and lateral movement.
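One way to turn share-access events into a detection, as an added example that is not part of the original page: flag any source that touches administrative shares on several distinct hosts within a short window. The page does not name an event ID, so this assumes Windows Security event 5140 (network share object accessed) already parsed into dicts; the thresholds, helper names and sample events are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ADMIN_SHARES = {"ADMIN$", "C$"}  # administrative shares to watch (assumed list)

def share_leaf(share_name):
    r"""'\\*\ADMIN$' -> 'ADMIN$' (5140 records the share as \\*\<name>)."""
    return share_name.rsplit("\\", 1)[-1].upper()

def find_share_sweeps(events, window=timedelta(minutes=5), min_hosts=3):
    """Return {(source_ip, user): sorted hosts} for every source that accessed
    admin shares on at least min_hosts distinct hosts within `window`."""
    by_source = defaultdict(list)
    for ev in events:
        # Event ID 5140 is an assumption; the page does not state one.
        if ev["EventID"] != 5140 or share_leaf(ev["ShareName"]) not in ADMIN_SHARES:
            continue
        ts = datetime.fromisoformat(ev["TimeCreated"])
        by_source[(ev["IpAddress"], ev["SubjectUserName"])].append((ts, ev["Computer"]))
    hits = {}
    for source, accesses in by_source.items():
        accesses.sort()
        start = 0
        for end in range(len(accesses)):
            # Slide the left edge until the span fits inside the window.
            while accesses[end][0] - accesses[start][0] > window:
                start += 1
            hosts = {host for _, host in accesses[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits.setdefault(source, set()).update(hosts)
    return {src: sorted(h) for src, h in hits.items()}

def _ev(ts, computer, ip, user, share):
    return {"EventID": 5140, "TimeCreated": ts, "Computer": computer,
            "IpAddress": ip, "SubjectUserName": user, "ShareName": share}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:01", "WS01", "10.0.0.50", "jdoe", r"\\*\ADMIN$"),
    _ev("2024-05-01T10:00:03", "WS02", "10.0.0.50", "jdoe", r"\\*\C$"),
    _ev("2024-05-01T10:00:04", "WS03", "10.0.0.50", "jdoe", r"\\*\ADMIN$"),
    _ev("2024-05-01T10:00:05", "FS01", "10.0.0.50", "jdoe", r"\\*\IPC$"),
    _ev("2024-05-01T09:00:00", "WS01", "10.0.0.7", "helpdesk", r"\\*\C$"),
    _ev("2024-05-01T11:30:00", "WS02", "10.0.0.7", "helpdesk", r"\\*\C$"),
    _ev("2024-05-01T14:00:00", "WS03", "10.0.0.7", "helpdesk", r"\\*\C$"),
]

if __name__ == "__main__":
    for (ip, user), hosts in find_share_sweeps(SAMPLE_EVENTS).items():
        print(f"{user}@{ip} touched admin shares on {len(hosts)} hosts: {hosts}")
```

Tune `window` and `min_hosts` against known administrative tooling in the environment, since patch and inventory systems legitimately touch these shares on many hosts.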
Kerberos Attacks
Lateral Movement
Credential Abuse