Security Monitoring: A Possible New Way to Detect Privilege Escalation

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. The problem that most defense mechanisms have in detecting the adversary is that they tend to be focused on detecting the tools far more so than…

0

Security Monitoring: Using SCOM to Collect LAPS Events

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. This is a short post for documentation only, but LAPS can be configured to put audit events in the Windows Security Log. These are event ID…

0