Malware by domain admin
Great thread here about security and event logging.
If you want to stop an attacker from installing malware or placing a web shell on your Exchange server, you probably should start with ensuring service accounts and admins who have admin on those servers don’t log in to easily phished desktop class systems.
— Jessica Payne (@jepayneMSFT) May 9, 2019
If you want to see if a domain admin has logged in somewhere and exposed credentials (logon types 2,4,5,10) and track down accounts at risk or what might break if you reduce service account privileges you don’t even need fancy tools: https://t.co/1eYtGHlZPB
— Jessica Payne (@jepayneMSFT) May 9, 2019
Content here: jepayneMSFT/WEFFLES: Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI.
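The check described in the second tweet, as an added example that is not from the thread or from the WEFFLES project: query the Security log (or a WEF collector's ForwardedEvents log) for 4624 events with logon types 2, 4, 5 and 10 and report which hosts privileged accounts have left credentials on. The `Domain Admins` lookup via `Get-ADGroupMember`, the parameter names and the 30-day default window are assumptions of this script.

```powershell
# Added example (not from the thread or WEFFLES): find hosts where privileged
# accounts performed credential-exposing logons. Logon types 2 (interactive),
# 4 (batch), 5 (service) and 10 (RemoteInteractive) leave credentials or tokens
# on the machine; type 3 (network) generally does not.
# Run on the host itself or on a WEF collector; Get-ADGroupMember needs the
# ActiveDirectory RSAT module, or pass -PrivilegedUsers to skip that lookup.
param(
    [string]$LogName = 'Security',     # use 'ForwardedEvents' on a WEF collector
    [int]$Days = 30,                   # assumed look-back window
    [string[]]$PrivilegedUsers         # SamAccountNames; default: Domain Admins
)

if (-not $PrivilegedUsers) {
    $PrivilegedUsers = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Select-Object -ExpandProperty SamAccountName
}
$privSet = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]$PrivilegedUsers, [System.StringComparer]::OrdinalIgnoreCase)

# XPath filter: 4624 within the window, restricted to the exposing logon types.
$ms = $Days * 24 * 60 * 60 * 1000
$xpath = "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $ms]] " +
         "and EventData[Data[@Name='LogonType']='2' or Data[@Name='LogonType']='4' " +
         "or Data[@Name='LogonType']='5' or Data[@Name='LogonType']='10']]"

Get-WinEvent -LogName $LogName -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($privSet.Contains($d['TargetUserName'])) {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                Host      = $_.MachineName   # where the credentials landed
                Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                LogonType = $d['LogonType']
                Process   = $d['ProcessName']
                SourceIP  = $d['IpAddress']
            }
        }
    } |
    Sort-Object Host, Account -Unique |
    Format-Table -AutoSize
```

Every (Host, Account) pair in the output is a place where a privileged credential could be harvested, and the Process and SourceIP columns show which scheduled task, service or RDP session put it there, which is also the list of what may break when the account's privileges are reduced.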