Jump to content

Search the Community

Showing results for tags 'firewall logs'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 1 result

  1. So, I was reading Mubix's blog a little while back and he wrote about how PSEXEC shows up in the events log. It got me thinking, why can't I find a list anywhere of things like that which should be red flags in event, and other, logs? Anyone care to help build such a list? I'm starting off with what Mubix mentioned (though, I'm sure it will get changed later) and another obvious one. Windows Server 2003 Event ID 552 - when someone uses something such as RUNAS, it could be a sysad doing their job or an attacker doing something else, but worth looking into. What other things can we all think of? Assuming a network that has a centralized log management server, so all server (say Windows 2003/2008 and maybe some Linux or Solairs ones) logs can be easily alerted off of, as well as firewall events. Anything that's an obvious red flag (like PSEXEC) or warrants further research.
×
×
  • Create New...