Blog Entries

02. 07. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Discovery and Credential Access via Kerberos & NTLM: A Detection-Focused Approach

Introduction Windows environments rely heavily on authentication protocols like NTLM and Kerberos. While these protocols serve critical security purposes, they are also commonly abused during malicious activities. This article explains how to detect suspicious behaviors related to Domain Account Discovery and Credential Access, specifically focusing on Enumeration, Brute Force, and Password Spraying attempts via NTLM…

Read More
17. 01. 2022 Massimo Giaimo Blue Team, SEC4U

An Evaluation of Elastic EDR with APT Simulator

We decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…

Read More

Archive