RDP: Queries for Investigations
- Published 20 Sep 2024
- Sophos X-Ops looks at several queries that reveal much to investigators about questionable login activities. For more information and links to the resources mentioned in the series, please see the companion blog post: news.sophos.co...
00:00 Introduction
00:33 Logins.01.2 - 21-40 local session logins events.sql
00:52 Logins.01.0 - 1149 RDP Logins.sql
01:30 Logins.01.4 - RDP logins from Externals IPs.sql
02:03 Logins.01.1 - 4624_4625 Logins events.sql
03:40 Identifying misconfigurations
04:39 Wrapup