DFSP # 411 - NTLM Credential Validation | allinfosecnews.com

Jan. 2, 2024, 5:32 a.m. |

Digital Forensic Survival Podcast digitalforensicsurvivalpodcast.libsyn.com

This week I'm talking about detecting evidence of lateral movement on Window systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advantage of being concentrated on domain controllers, which allows you, as the analyst, leverage a great resource for user account analysis. I will have the background, artifact breakdown, and triage strategy coming up right after this…..

account analysis analyst controllers credential domain domain controllers events great kerberos lateral movement ntlm offer resource systems talking validation week window

More from digitalforensicsurvivalpodcast.libsyn.com / Digital Forensic Survival Podcast

DFSP # 428 - It’s all about that XML 23 hours ago | digitalforensicsurvivalpodcast.libsyn.com

artifacts compromise events evidence +9

DFSP # 427 - MOF Balls 1 week ago | digitalforensicsurvivalpodcast.libsyn.com

app artifact attackers dfir +11

DFSP # 426 - SSH Forensics: Log Analysis 2 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

analysis analyst forensics important +9

DFSP # 425 - SSH Forensics: Host-Based Artifacts 3 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

artifacts explained fast forensics +7

DFSP # 424 - SSH Forensics: Understanding Secure Shell 4 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

access basics communications concepts +18

DFSP # 423 - Guiding Lights: Cyber Investigations Investigation Lifecycle 1 month ago | digitalforensicsurvivalpodcast.libsyn.com

aspect clear cyber cyber investigations +18

DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro 1 month, 1 week ago | digitalforensicsurvivalpodcast.libsyn.com

access cracking event event logs +17

DFSP # 421 - Memory Lane: Fileless Linux Attacks Unraveled 1 month, 2 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

anonymous attacks data data storage +19

DFSP # 420 - Failing, Stopping and Crashing 1 month, 3 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

event exploitation forensic investigations +11

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Professional Services Resident Consultant / Senior Professional Services Resident Consultant - AMS

@ Zscaler | Bengaluru, India

View on infosec-jobs.com

Head of Security, Risk & Compliance

@ Gedeon Richter Pharma GmbH | Budapest, HU

View on infosec-jobs.com

Unarmed Professional Security Officer - County Hospital

@ Allied Universal | Los Angeles, CA, United States

View on infosec-jobs.com

Senior Software Engineer, Privacy Engineering

@ Block | Seattle, WA, United States

View on infosec-jobs.com

Senior Cyber Security Specialist

@ Avaloq | Bioggio, Switzerland

View on infosec-jobs.com