all InfoSec news
Question about RDP - Yes 1149,21,22 But No 4624
Jan. 31, 2024, 3:10 p.m. | /u/DeadBirdRugby
Computer Forensics www.reddit.com
I was wondering if I could pick your brain on something:
I've got a case where there is suspected RDP access between two devices. On the triage image for the destination device we see EventID 1149 as well as Event ID 21 and 22, but no 4624. I was wondering if anyone had any insight as to why we might see Event IDs for the Network Connection (1149) as well as the Logon (21 and 22), …
access brain case community computerforensics device devices dfir event good image question rdp rdp access triage yes
More from www.reddit.com / Computer Forensics
BIRT Incident Response & Triage Beta update
2 days, 18 hours ago |
www.reddit.com
FOR577: LINUX Incident Response and Threat Hunting
6 days, 14 hours ago |
www.reddit.com
How to input the NSRL database into Axiom?
1 week, 1 day ago |
www.reddit.com
Google account sign out for "suspicious activity"
1 week, 4 days ago |
www.reddit.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC