
Windows Active Directory Forensics
About this event
June was the red team. July is the blue team. We built the AD lab in June; now we're going to attack it on Cover6 infrastructure and watch the alerts fire in real time. Same environment. Same attack chain. Different seat.
What We'll Cover
- Windows AD forensics: what an attacker leaves behind in the logs
- Event ID deep dive: the 10 IDs every SOC analyst needs to memorize
- BloodHound attack paths: reading the output as a defender
- Kerberoasting detection in Splunk
- Golden Ticket indicators: what makes it "impossible" and how to spot it
Want to follow along in the cloud? Spin up your own Kali droplet: https://m.do.co/c/84eb8a434ffd
Stay connected:
- Cover6 Solutions: https://www.cover6solutions.com
- YouTube (live streams + replays): https://www.youtube.com/@Cover6Solutions
- Courses and certification prep: https://cover6solutions.com/courses/
Submit a talk/demo: https://www.papercall.io/cover6community
Rep the community: https://www.cover6solutions.com/product/cover6-shield-unisex-t-shirt/ Grab a Cover6 Shield tee and show up repping the community that helped get you here.
Source: meetup