Preview Mode Links will not work in preview mode

7 Minute Security

Nov 17, 2021

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect:

  • RDP from public IPs
  • Password spraying
  • Kerberoasting
  • Mimikatz
  • Recon net commands
  • Hash dumping
  • Hits on a "honey domain admin" account
  • Users with non-expiring passwords
  • Hits on the SSH/FTP/HTTP honeypot