
We carry on with the Defensive Security section of the Cyber Security 101 path on THM!
We conclude this section with the Logs Fundamentals room.
The practical section of this room involves checking Windows OS logs via Event Viewer, looking through the Security log under Windows Logs, filtering for the creation of a particular user account, and answering specific questions like the following –


Below are some useful Event IDs that can be used to filter Windows logs for specific actions such as account logon, account creation, etc.

The last section uses grep to locate the IPs and URLs that have been accessed, working from an Apache access.log file present on the attack box, which was quite fun!
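As an added example that is not part of the original post or the room, here is a small POSIX shell script that does the same kind of IP and URL extraction with grep over a few constructed Apache access.log lines; the log lines, IP addresses, paths and function names are all made up for this illustration.

```shell
#!/bin/sh
# Constructed sample of Apache combined-format access.log lines (not the room's file).
LOG_SAMPLE='10.0.2.15 - - [12/Oct/2024:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2024:10:01:15 +0000] "GET /admin/login.php HTTP/1.1" 401 512 "-" "curl/7.88.1"
203.0.113.7 - - [12/Oct/2024:10:01:16 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "curl/7.88.1"
203.0.113.7 - - [12/Oct/2024:10:01:17 +0000] "GET /admin/dashboard.php HTTP/1.1" 200 2210 "-" "curl/7.88.1"
198.51.100.23 - - [12/Oct/2024:10:02:01 +0000] "GET /images/logo.png HTTP/1.1" 200 8890 "http://example.test/" "Mozilla/5.0"
10.0.2.15 - - [12/Oct/2024:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"'

# Source of log lines; swap this for `cat /var/log/apache2/access.log` on a real host.
log_lines() { printf '%s\n' "$LOG_SAMPLE"; }

# Distinct client IPs: grep -o keeps only the dotted quad at the start of each line.
unique_ips() {
    log_lines | grep -oE '^[0-9]{1,3}(\.[0-9]{1,3}){3}' | sort -u
}

# Distinct request paths: pull the `"METHOD /path` token, then keep only the path.
requested_urls() {
    log_lines | grep -oE '"(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) [^ ]+' \
        | cut -d' ' -f2 | sort -u
}

# Request count per IP, busiest first (uniq -c needs sorted input).
hits_by_ip() {
    log_lines | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Number of requests from one IP; dots are escaped so they match literally.
requests_from() {
    pattern=$(printf '%s' "$1" | sed 's/\./\\./g')
    log_lines | grep -c "^$pattern "
}

# Paths requested by one IP, e.g. to see what a noisy client touched.
urls_from() {
    pattern=$(printf '%s' "$1" | sed 's/\./\\./g')
    log_lines | grep "^$pattern " \
        | grep -oE '"(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) [^ ]+' \
        | cut -d' ' -f2 | sort -u
}

unique_ips
requested_urls
hits_by_ip
requests_from 203.0.113.7
urls_from 203.0.113.7
```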


Tomorrow, we move on to the Introduction to SIEM module!

Until next time & don’t sleepwalk through life!
Tōfā
