LogonTracer is a tool for investigating malicious logons by visualizing and analyzing Windows Active Directory event logs. It associates a host name (or an IP address) with an account name found in logon-related events and displays the result as a graph.
https://github.com/JPCERTCC/LogonTracer
https://www.activecountermeasures.com/log-analysis-part-3-lateral-movement/
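The host-to-account association described above can be sketched in a few lines. This is an added example, not LogonTracer's own code: it assumes events are already parsed into dicts, uses only event IDs 4624 (logon success) and 4625 (logon failure), and the sample records and the `min_accounts` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real log data); field names follow the
# Windows Security event data for 4624/4625.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.11"},
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.11"},
    {"EventID": 4624, "TargetUserName": "bob", "IpAddress": "10.0.0.12"},
    {"EventID": 4625, "TargetUserName": "alice", "IpAddress": "10.0.0.50"},
    {"EventID": 4625, "TargetUserName": "bob", "IpAddress": "10.0.0.50"},
    {"EventID": 4625, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.50"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.50"},
    {"EventID": 4624, "TargetUserName": "WS-ALICE$", "IpAddress": "10.0.0.11"},
    {"EventID": 4624, "TargetUserName": "carol", "IpAddress": "-",
     "WorkstationName": "WS-CAROL"},
    {"EventID": 4634, "TargetUserName": "alice", "IpAddress": "10.0.0.11"},
]

LOGON_EVENT_IDS = {4624, 4625}  # assumption: only these two IDs are graphed


def source_of(event):
    """Prefer the source IP address; fall back to the workstation name."""
    ip = event.get("IpAddress") or ""
    if ip and ip not in ("-", "::1", "127.0.0.1"):
        return ip
    return event.get("WorkstationName") or None


def build_graph(events):
    """Return {(source, account): {event_id: count}} for logon events."""
    edges = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev.get("EventID") not in LOGON_EVENT_IDS:
            continue
        account = (ev.get("TargetUserName") or "").lower()
        src = source_of(ev)
        if not account or account.endswith("$") or src is None:
            continue  # skip machine accounts and records with no usable source
        edges[(src, account)][ev["EventID"]] += 1
    return {edge: dict(counts) for edge, counts in edges.items()}


def suspicious_sources(graph, min_accounts=3):
    """Sources that attempted logons as at least min_accounts distinct accounts."""
    accounts = defaultdict(set)
    for (src, account) in graph:
        accounts[src].add(account)
    return sorted(s for s, accts in accounts.items() if len(accts) >= min_accounts)
```

A source node with edges to many accounts, especially edges made up mostly of 4625 failures, is the kind of pattern the graph view makes easy to spot.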