Account created by machine account on compromised domain controller?
Web: https://www.reddit.com/r/computerforensics/comments/s1njgb/account_created_by_machine_account_on_compromised/
Jan. 11, 2022, 9:03 p.m. | /u/Mufassa810
Computer Forensics reddit.com
I'm trying to find out what account created another domain account on the system. I looked for the 4720 account creation. The interesting thing is that it is showing up as the domain controller's machine account name.
For context, yes, the domain controller was confirmed to be compromised and had an unauthorized version of TeamViewer installed that was being used as a backdoor. Here is an example of what the log kind of looked like. Has anyone seen this before? …