Windows Privilege Escalation Detection Use Case

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4672

https://social.technet.microsoft.com/Forums/scriptcenter/en-US/264aec0f-9725-4cba-8c37-89478e003e7d/id-like-to-look-for-privilege-escalation-and-actions-using-privileges-from-the-windows-event-log?forum=winserverManagement

https://blogs.technet.microsoft.com/nathangau/2018/01/25/security-monitoring-a-possible-new-way-to-detect-privilege-escalation/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s