Detecting Windows Attacks with Splunk
Detecting Common User/Domain Recon
Detecting Password Spraying
Detecting Responder-like Attacks
Detecting Kerberoasting/AS-REProasting
Detecting Pass-the-Hash
Detecting Pass-the-Ticket
Detecting Overpass-the-Hash
Detecting Golden Tickets/Silver Tickets
Detecting Unconstrained Delegation/Constrained Delegation Attacks
Detecting DCSync/DCShadow
Creating Custom Splunk Applications
Detecting RDP Brute Force Attacks
Detecting Beaconing Malware
Detecting Nmap Port Scanning
Detecting Kerberos Brute Force Attacks
Detecting Kerberoasting
Detecting Golden Tickets
Detecting Cobalt Strike's PSExec
Detecting Zerologon
Detecting Exfiltration (HTTP)
Detecting Exfiltration (DNS)
Detecting Ransomware