Get Local Group Members Revisited • The Lonely Administrator
4725(S) A user account was disabled. | Microsoft Learn
Detecting LDAP enumeration and Bloodhound's Sharphound collector using AD Decoys | by Madhukar Raina | Securonix Tech Blog | Medium
Solved Event Properties - Event 4798, Microsoft Windows | Chegg.com
Windows Event Log Analysis - Incident Response Guide
What is NetBIOS Enumeration? - GeeksforGeeks
Windows admin 101 – Adding a local administrator account from the command line – PwnDefend
Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below
4732(S) A member was added to a security-enabled local group. | Microsoft Learn
Lateral Movement
Event ID 4688: What Is It & How to Enable It - Windows Report
What Is & How to Track a Windows Audit Failure in 2023 | Newsletter software, Software deals, Content curation
Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium
PowerView: Active Directory Enumeration - Red Team Notes
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
1104(S) The security log is now full. | Microsoft Learn
SIEM - Security information and event management — Zercurity 1.6.0 (41f38f0) documentation