Feb. 5, 2024, 9:54 p.m. | /u/bogisbuncenbean

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Anyone have any killer detections they’ve created to monitor suspicious LDAP Activity in their environments? Right now we have created a baseline for what we’ve considered to be normal processes querying LDAP/LDAPS Global LDAP/S and Microsoft ADWS, and then we alert on the anomalies… but nowadays it seems like more and more applications running on Windows are using LDAP. Zoom used to be an exclusion for example, and now they have a use case??? Just wondering what others typically alert …
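One way to implement the baseline-and-anomaly approach the post describes, as an added example that is not from the post or from r/blueteamsec: it reads Sysmon Event ID 3 (network connection) records as newline-delimited JSON (field names, the baseline allowlist and the sample events are all constructed for illustration) and raises an alert when a process outside the baseline, or a baselined process on a service it was not baselined for, connects to LDAP, LDAPS, Global Catalog or ADWS ports.

```python
import json

# Added example, not from the post. Assumes Sysmon Event ID 3 (network connection)
# events exported as newline-delimited JSON; field names and samples are constructed.
LDAP_PORTS = {389: "LDAP", 636: "LDAPS", 3268: "GC", 3269: "GC-SSL", 9389: "ADWS"}  # post's LDAP/LDAPS, GC, ADWS

# Hypothetical baseline: lowercase image path -> services that process is expected to use.
BASELINE = {
    r"c:\windows\system32\lsass.exe": {"LDAP", "LDAPS", "GC", "GC-SSL"},
    r"c:\windows\system32\svchost.exe": {"LDAP", "LDAPS", "GC", "GC-SSL"},
    r"c:\program files\zoom\bin\zoom.exe": {"LDAPS"},  # e.g. Zoom tolerated on LDAPS only
}

def classify(event):
    """Return None when the event fits the baseline, otherwise an alert dict."""
    service = LDAP_PORTS.get(int(event.get("DestinationPort", 0)))
    if service is None:
        return None  # not an LDAP-family connection, out of scope
    image = event.get("Image", "").lower()
    allowed = BASELINE.get(image)
    if allowed is None:
        reason = "process not in LDAP baseline"
    elif service not in allowed:
        reason = f"baselined for {sorted(allowed)} but connected to {service}"
    else:
        return None
    return {"host": event.get("Computer"), "image": image, "service": service,
            "dest": event.get("DestinationIp"), "reason": reason}

def scan(lines):
    """Run classify() over NDJSON lines; unparsable lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample telemetry (not real events).
SAMPLE = [
    r'{"Computer":"WS01","Image":"C:\\Windows\\System32\\lsass.exe","DestinationIp":"10.0.0.5","DestinationPort":389}',
    r'{"Computer":"WS01","Image":"C:\\Program Files\\Zoom\\bin\\Zoom.exe","DestinationIp":"10.0.0.5","DestinationPort":636}',
    r'{"Computer":"WS02","Image":"C:\\Program Files\\Zoom\\bin\\Zoom.exe","DestinationIp":"10.0.0.5","DestinationPort":9389}',
    r'{"Computer":"WS03","Image":"C:\\Users\\bob\\Downloads\\tool.exe","DestinationIp":"10.0.0.5","DestinationPort":3268}',
    "not json",
]
```

Running `scan(SAMPLE)` flags only the Zoom connection to ADWS and the unbaselined tool.exe reaching the Global Catalog; keying the baseline per process and per service is what keeps an exclusion like Zoom from silently covering every LDAP-family port.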
