Most of us in this field are aware that some types of administrative tools and administrative logons leave behind credentials in a manner that can be reused by an actor on a compromised host, and some do not. I've been looking for a #sysadmin and #incidentresponder cheat sheet for a while - @reprise_99 brought this one to my attention. Nice! https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types #dfir #toolbox

📬 Laurance Dine: Cyberangriffe bringen IR-Teams ans Limit
#Hacking #Studie #Cyberangriffe #IBMSecurity #IncidentResponder #ITSecurity #LauranceDine #PsychischeGesundheit #XForce https://tarnkappe.info/studie/laurance-dine-cyberangriffe-bringen-ir-teams-ans-limit-257255.html