Posts: 6 Threads: 0 Joined: N/A October 26, 2022 at 1:05 PM
plz discuss here

Posts: 11 Threads: 0 Joined: N/A October 26, 2022 at 1:19 PM
thanks

Posts: 43 Threads: 0 Joined: N/A October 26, 2022 at 1:25 PM
forensics

Posts: 14 Threads: 0 Joined: N/A October 26, 2022 at 1:32 PM
(October 26, 2022, 01:25 PM) lollole Wrote:
    Which event log contains information about logon and logoff events? (for example: Setup)
    > security
    [+] Correct!
    What is the event id for logs for a successful logon to a local computer? (for example: 1337)
    > 4624
    [+] Correct!
    Which is the default Active Directory authentication protocol? (for example: http)
    > kerberos
    [+] Correct!
    forensics
How did you get this?

Posts: 18 Threads: 0 Joined: N/A October 26, 2022 at 1:34 PM
hmm interesting

Posts: 43 Threads: 0 Joined: N/A October 26, 2022 at 1:36 PM
(October 26, 2022, 01:32 PM) Diddledee Wrote:
    (October 26, 2022, 01:25 PM) lollole Wrote:
        Which event log contains information about logon and logoff events? (for example: Setup)
        > security
        [+] Correct!
        What is the event id for logs for a successful logon to a local computer? (for example: 1337)
        > 4624
        [+] Correct!
        Which is the default Active Directory authentication protocol? (for example: http)
        > kerberos
        [+] Correct!
        forensics
    How did you get this?
forensics: scientific tests or techniques used in connection with the detection of crime. use a parser or Windows to see the files

Posts: 22 Threads: 0 Joined: N/A October 26, 2022 at 1:38 PM
(October 26, 2022, 01:36 PM) lollole Wrote:
    (October 26, 2022, 01:32 PM) Diddledee Wrote:
        (October 26, 2022, 01:25 PM) lollole Wrote:
            Which event log contains information about logon and logoff events? (for example: Setup)
            > security
            [+] Correct!
            What is the event id for logs for a successful logon to a local computer? (for example: 1337)
            > 4624
            [+] Correct!
            Which is the default Active Directory authentication protocol? (for example: http)
            > kerberos
            [+] Correct!
            forensics
        How did you get this?
    forensics: scientific tests or techniques used in connection with the detection of crime. use a parser or Windows to see the files
there is a fourth question

Posts: 43 Threads: 0 Joined: N/A October 26, 2022 at 1:41 PM
(October 26, 2022, 01:38 PM) killerbee Wrote:
    (October 26, 2022, 01:36 PM) lollole Wrote:
        (October 26, 2022, 01:32 PM) Diddledee Wrote:
            (October 26, 2022, 01:25 PM) lollole Wrote:
                Which event log contains information about logon and logoff events? (for example: Setup)
                > security
                [+] Correct!
                What is the event id for logs for a successful logon to a local computer? (for example: 1337)
                > 4624
                [+] Correct!
                Which is the default Active Directory authentication protocol? (for example: http)
                > kerberos
                [+] Correct!
                forensics
            How did you get this?
        forensics: scientific tests or techniques used in connection with the detection of crime. use a parser or Windows to see the files
    there is a fourth question
find and share with us?

Posts: 14 Threads: 0 Joined: N/A October 26, 2022 at 1:44 PM
(October 26, 2022, 01:36 PM) lollole Wrote:
    (October 26, 2022, 01:32 PM) Diddledee Wrote:
        (October 26, 2022, 01:25 PM) lollole Wrote:
            Which event log contains information about logon and logoff events? (for example: Setup)
            > security
            [+] Correct!
            What is the event id for logs for a successful logon to a local computer? (for example: 1337)
            > 4624
            [+] Correct!
            Which is the default Active Directory authentication protocol? (for example: http)
            > kerberos
            [+] Correct!
            forensics
        How did you get this?
    forensics: scientific tests or techniques used in connection with the detection of crime. use a parser or Windows to see the files
Oh thanks - used python-evtx to view them https://github.com/williballenthin/python-evtx

Posts: 5 Threads: 0 Joined: N/A October 26, 2022 at 1:59 PM
Which event log contains information about logon and logoff events? (for example: Setup)
> security
[+] Correct!
What is the event id for logs for a successful logon to a local computer? (for example: 1337)
> 4624
[+] Correct!
Which is the default Active Directory authentication protocol? (for example: http)
> kerberos
[+] Correct!
Looking at all the logon events, what is the AuthPackage that stands out as different from all the rest? (for example: http)
> ntlm
[+] Correct!
What is the timestamp of the suspicious login (yyyy-MM-ddTHH:mm:ss) UTC? (for example, 2021-10-10T08:23:12)
> 2022-09-28T13:10:57
[+] Correct!
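
The triage described in the last post (tally the authentication package across all 4624 logons, then pull the timestamp of the one that differs), as an added example that is not part of the thread. It assumes each record is already available as event XML, for instance exported with a tool such as the python-evtx mentioned above; the sample events, user names, `make_event` helper and the 20% rarity threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(event_id, ts, package, user):
    """Build one constructed event record (sample data, not from the challenge)."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{ts}"/></System><EventData>'
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="AuthenticationPackageName">{package}</Data>'
        "</EventData></Event>"
    )

# Constructed sample: six Kerberos logons, one NTLM logon, one failed logon (4625).
SAMPLE_EVENTS = [
    make_event(4624, f"2022-01-05 09:0{i}:10.000000", "Kerberos", "alice")
    for i in range(6)
] + [
    make_event(4624, "2022-01-05T09:14:33.4567890Z", "NTLM", "svc_backup"),
    make_event(4625, "2022-01-05 09:20:00.000000", "NTLM", "bob"),
]

def parse_logon(xml_text):
    """Return (timestamp, auth_package) for a successful logon (4624), else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    ts = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    pkg = root.findtext(
        "e:EventData/e:Data[@Name='AuthenticationPackageName']", namespaces=NS)
    # Normalise to yyyy-MM-ddTHH:mm:ss and a lower-case package name.
    return ts[:19].replace(" ", "T"), (pkg or "").strip().lower()

def rare_auth_packages(events, max_share=0.2):
    """Count packages over all 4624 events; list logons using a rare package."""
    logons = [r for r in map(parse_logon, events) if r]
    if not logons:
        return Counter(), []
    counts = Counter(pkg for _, pkg in logons)
    rare = {p for p, n in counts.items() if n / len(logons) <= max_share}
    return counts, sorted((ts, p) for ts, p in logons if p in rare)

if __name__ == "__main__":
    counts, outliers = rare_auth_packages(SAMPLE_EVENTS)
    print(dict(counts))
    for ts, pkg in outliers:
        print(f"{ts} logon used {pkg}")
```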