EventSentry

EventSentry SysAdmin Tools: Digital Signature Verification with checksum.exe

Mar 16, 2018 By Ingmar Koecher In EventSentry

Windows supports a code-signing feature called Authenticode, which allows a software publisher to digitally sign executable files (e.g. .exe, .msi, …) so that users can verify their autenticity. The digital signature of a file can be viewed in the file properties in Windows explorer on the “Digital Signature” tab.

Read Post

EventSentry

Read more about EventSentry SysAdmin Tools: Digital Signature Verification with checksum.exe

From PowerShell to p@W3RH311 - Detecting and Preventing PowerShell Attacks

Jan 30, 2018 By Ingmar Koecher In EventSentry

In part one I provided a high level overview of PowerShell and the potential risk it poses to networks. Of course we can only mitigate some PowerShell attacks if we have a trace, so going forward I am assuming that you followed part 1 of this series and enabled: Module Logging, Script Block Logging, Security Process Tracking (4688/4689)

Read Post

EventSentry

Read more about From PowerShell to p@W3RH311 - Detecting and Preventing PowerShell Attacks

From PowerShell to P0W3rH3LL - Auditing PowerShell

Jan 29, 2018 By Ingmar Koecher In EventSentry

Imagine someone getting the seemingly innocent ability to run a couple of commands on a machine on your network WITHOUT installing any new software, but those commands resulting in a reverse shell running on that same machine – giving the intruder a convenient outpost in your network. Now stretch your imagination even further and pretend that all of this happens without leaving any unusual traces in logs – leaving you completely in the dark.

Read Post

EventSentry

Read more about From PowerShell to P0W3rH3LL - Auditing PowerShell

Mr. Robot, Mimikatz and Lateral Movement

Dec 21, 2017 By Ingmar Koecher In EventSentry

In Mr. Robot‘s episode 9 of season 2 (13:53), Angela Moss needs to obtain the Windows domain password of her superior, Joseph Green, in order to download sensitive documents that would potentially incriminate EvilCorp. Since her attack requires physical access to his computer, she starts with a good old-fashioned social engineering attack to get the only currently present employee in the office to leave.

Read Post

EventSentry

Read more about Mr. Robot, Mimikatz and Lateral Movement

Detecting Lateral Network Movement / Spread in EventSentry

Dec 8, 2017 By NETIKUS.NET LTD In EventSentry

How to detect lateral movement on a network in real time with EventSentry, based on the example of a process spreading.

View Video

EventSentry

Read more about Detecting Lateral Network Movement / Spread in EventSentry

Securing Exchange Server OWA & ActiveSync - Proactive Security with EventSentry

Dec 4, 2017 By Ingmar Koecher In EventSentry

With the proper auditing enabled (Logon/Logoff – Logon (Failure)) and EventSentry installed however, we can permanently block remote users / hosts who attempt to log on too many times with a wrong password. Setting this up is surprisingly simple.

Read Post

EventSentry

Read more about Securing Exchange Server OWA & ActiveSync - Proactive Security with EventSentry

Monitoring Windows Performance Counters

Nov 28, 2017 By NETIKUS.NET LTD In EventSentry

How to monitor a Windows performance counter as well as create your own dynamic counter by combining two performance counters.

View Video

EventSentry

Read more about Monitoring Windows Performance Counters

EventSentry v3.4 Installation

Nov 23, 2017 By NETIKUS.NET LTD In EventSentry

This screen cast walks to you through the installation of EventSentry v3.4, explaining components and settings along the way.

View Video

EventSentry

Read more about EventSentry v3.4 Installation

Getting Started With EventSentry v3.4

Nov 23, 2017 By NETIKUS.NET LTD In EventSentry

How to get started with EventSentry - this video describes how to navigate the management console and web reports.

View Video

EventSentry

Read more about Getting Started With EventSentry v3.4

Auditing DNS Server Changes on Windows 2008/2008R2/2012 with EventSentry

Nov 17, 2017 By Ingmar Koecher In EventSentry

If you’re running Windows 2008 (R2) or 2012 then setting up DNS auditing requires a few steps. Thankfully it’s a one-time process and shouldn’t take more than a few minutes. On the EventSentry side a pre-built package with all the necessary rules is available for download and included with the latest installer.

Read Post

EventSentry

Read more about Auditing DNS Server Changes on Windows 2008/2008R2/2012 with EventSentry

Subscribe to EventSentry

Operations | Monitoring | ITSM | DevOps | Cloud

EventSentry

EventSentry SysAdmin Tools: Digital Signature Verification with checksum.exe

From PowerShell to p@W3RH311 - Detecting and Preventing PowerShell Attacks

From PowerShell to P0W3rH3LL - Auditing PowerShell

Mr. Robot, Mimikatz and Lateral Movement

Detecting Lateral Network Movement / Spread in EventSentry

Securing Exchange Server OWA & ActiveSync - Proactive Security with EventSentry

Monitoring Windows Performance Counters

EventSentry v3.4 Installation

Getting Started With EventSentry v3.4

Auditing DNS Server Changes on Windows 2008/2008R2/2012 with EventSentry

Monthly Archive

Follow Us