Blog Entries

02. 07. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Discovery and Credential Access via Kerberos & NTLM: A Detection-Focused Approach

Introduction Windows environments rely heavily on authentication protocols like NTLM and Kerberos. While these protocols serve critical security purposes, they are also commonly abused during malicious activities. This article explains how to detect suspicious behaviors related to Domain Account Discovery and Credential Access, specifically focusing on Enumeration, Brute Force, and Password Spraying attempts via NTLM…

25. 06. 2025 Mirko Ioris Blue Team, SEC4U

A Practical Guide to Working with Windows Authentication Logs – Part 1

If you’ve ever worked with Windows authentication logs, you know they can be a chaotic mess. Even when you’re looking for something apparently simple and useful – like tracking admin logins – you quickly find yourself in a sea of redundant entries, some of them logged for no apparent reason, and poorly documented details. I’ve…

12. 06. 2025 Alessandro Romboli Microsoft

Terminal Server User Profiles with FSLogix

Scenario Windows has provided Remote Desktop functionality for a very long time. A lot of companies use this feature to build up a remote Desktop Farm and then let people run programs remotely, which can be very useful when going over a WAN connection with high latency. Starting with Windows Server 2012, Microsoft added the…

05. 05. 2025 Luca Franzoi Unified Monitoring

How to Reduce Icinga 2 Log Verbosity, and Regularly Clean Them from Event Viewer

Icinga 2 is a powerful monitoring system that helps you keep track of your infrastructure. But like any monitoring tool, it can generate a lot of logs. Over time, these logs can accumulate, making it increasingly harder to find the critical information you need. If you’re using Icinga 2 on a Windows system, you might…

13. 09. 2022 Alessandro Romboli NetEye

Installing and Configuring Monitoring Agents in a Windows Domain – Part 2

Scenario In this blog I’ll describe some advanced features of the DSC platform in order to automate the configuration of the monitoring agents. I’ve already described the basic topics in the first part of this blog: Installing and Configuring Monitoring Agents in a Windows Domain – Part 1 But just as a quick reminder, DSC…

30. 03. 2022 Davide Gallo NetEye, Unified Monitoring

Log off an RDP User Session through the NetEye Command Orchestrator Part 2

In our previous post we discussed how to handle RD users using CMDO, focusing on the scripts needed to obtain a unique identifier for each user in the RD Farm. In this post I want to focus on how to create the CMDO commands and set their permissions correctly. Our user case As an admin I…

15. 02. 2022 Alessandro Romboli NetEye, Unified Monitoring

Log off an RDP User Session through the NetEye Command Orchestrator

Scenario In a Microsoft Remote Desktop environment, it’s a common need to force the logoff of a hung user session. The NetEye Command Orchestrator (CMDO) can help us perform this task by executing remote commands through the Icinga2 agent API. There’s a security limitation built into the Command Orchestrator which allows only numeric parameters for executed…

09. 09. 2020 Alessandro Romboli NetEye

Installing and Configuring Monitoring Agents in a Windows Domain – Part 1

Scenario It’s quite typical to have several managed Windows Servers joined to a Windows Active Directory Domain. But how do you handle the automated installation and configuration of the monitoring agents? How do you keep them up to date? DSC Framework: A Potential Native Solution DSC (Desired State Configuration) is a management platform in PowerShell…

20. 08. 2009 Juergen Vigna Unified Monitoring

Misc Windows checks for Nagios

I just today saw a page with good ideas for checks for a Windows/Exchange/SQL Server. This is the original link if you are interested: nagioswiki.com. Please pay attention when copy-pasting it into your config files, as you may have problems with copy/paste of the “ sign. Insert the following into your commands.cfg or define them…
