Episode Details

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect:

• RDP from public IPs
• Password spraying
• Kerberoasting
• Mimikatz
• Recon net commands
• Hash dumping
• Hits on a "honey domain admin" account
• Users with non-expiring passwords
• Hits on the SSH/FTP/HTTP honeypot