Blog Entries

02. 07. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Discovery and Credential Access via Kerberos & NTLM: A Detection-Focused Approach

Introduction: Windows environments rely heavily on authentication protocols like NTLM and Kerberos. While these protocols serve critical security purposes, they are also commonly abused during malicious activities. This article explains how to detect suspicious behaviors related to Domain Account Discovery and Credential Access, specifically focusing on Enumeration, Brute Force, and Password Spraying attempts via NTLM…

25. 03. 2025 Francesco Belacca Azure, Microsoft

Azure Container App Jobs: Why I think they’re Great

At SharpCoding 2025 in Rome – hosted at Microsoft’s headquarters – I had the pleasure of sharing our approach to simplifying deployments using Azure Container App Jobs. In my session, “Guided Deployments: Power Platform under Control with Azure DevOps,” I discussed how we tackled the challenge of reliably extracting, versioning and deploying custom Power Platform…

04. 02. 2020 Oreste Attanasio NetEye, Service Management

Microsoft will Deny Plain LDAP Connections to AD Beginning March 2020

Starting in March 2020, Microsoft will release an update which includes hardening measures for LDAP binding. Read the full advisory here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023 . This affects all of us who still use plain LDAP to perform queries in Active Directory. Starting in March we will be forced to use secure LDAP binding, because AD will deny…

09. 11. 2017 Alessandro Romboli Service Management, Unified Monitoring

Microsoft ADFS integration with Shibboleth

Starting with the Windows Server 2003 R2 version, Microsoft introduced the Active Directory Federation Services (ADFS), a software component which provides users with single sign-on access to systems and applications located across organizational boundaries. ADFS is part of the Active Directory Services. The authenticated user is provided with a series of Claims related to his…

25. 08. 2009 NetEye Blog Admin Unified Monitoring

AUDIT FILE AND FOLDER ACCESS IN WINDOWS

An important part of Windows auditing is to track file and folder access on Windows file volumes. Out of the box, this part of auditing is not enabled on Windows operating systems. It’s necessary to enable file and folder auditing and then identify the files and folders that are to be audited. Once correctly configured,…

13. 08. 2009 NetEye Blog Admin Log Management, Unified Monitoring

Microsoft SQL Server Login Auditing with Logon Triggers

It is always the same problem: we want to audit whenever a member of one of the SQL Server administrative roles logs on to my SQL Server instance. The standard SQL audit “Successful logins only” provides this information, because SQL Server logs every connection, but without a focus on the members of the SQL Server administrative roles…
