IT security under attack

Security incidents in highly secure IT infrastructures often make the headlines.

  • Times have changed; the complexity and the level of technical expertise needed to carry out a large-scale cyberattack have dropped drastically.
  • A single vulnerability or misconfiguration is all a low-skilled attacker needs to gain administrative access to your network.
  • Learn about the popular techniques attackers use to break into organizations' networks, watch real-time simulations, and build a comprehensive defense strategy with ManageEngine.
  • Bookmark this page; we will keep adding new attack simulations based on cybersecurity trends. We will also notify you by email!

Log360 is an integrated SIEM solution from ManageEngine that detects threats attempting to penetrate your network and eliminates them in their early stages. With support that extends to a range of IT environments such as Active Directory (AD), Exchange Server, public cloud environments, and various network devices, Log360 covers all your needs by doing most of the work for you, including automating log management, auditing changes, and generating real-time alerts for critical events.

Password spray attack on Active Directory users

  • Attacking password hash synchronization in AD and Azure AD
  • Attacking Pass-Through Authentication in AD and Azure AD
  • Attacking leaky S3 buckets in Amazon Web Services (AWS)
  • Attacking unsecure storage accounts in Azure AD

  • Read into script details
  • Capture logon failures
  • Detect scripts executed by end users
  • Detect execution of tools that can lead to pass-the-hash attacks
  • Detect brute-force attacks on Microsoft 365
  • Capture details of malicious users, and see which network shares they accessed
  • Detect illegal file copies using the expand process
  • See the malicious service installation time
  • Detect malicious services
  • Capture malicious PowerShell modules and scripts
  • Find which users are trying to extract credentials from the Local Security Authority Subsystem Service (LSASS), and when, with timestamps
  • Filter events to detect LSASS dump attempts
  • Discover malicious scripts
  • Detect scripts executed by users
  • Detect logon failures
  • Detect scripts that search for privilege escalation opportunities
  • Detect scripts that install backdoor MSI apps
  • Discover the contents of the scripts executed by users
  • Discover login attempts to Exchange via command shells
  • Capture suspicious commands invoked in PowerShell
  • Capture permission changes on the domain
  • Detect execution of tools like Mimikatz
  • Determine the exact permission modified
  • Track service principal name (SPN) changes to computers, which can be an indication of rogue DCs
  • Monitor files and folders for unauthorized modifications
  • Detect computer startup and shutdown
  • Detect security changes
  • Correlate security changes to detect ransomware attacks
  • Determine the exact commands run by your users
  • Build customized alerts based on recon commands or scripts
  • Detect recon commands invoked and scripts executed on command line interfaces (like PowerShell)
  • Alert on recon attempts
  • Discover password attacks on Azure environments by monitoring logons
  • Detect the execution of malicious tools used to obtain passwords of AD users via the Azure sync account
  • Detect attackers' attempts to obtain information on Azure tenants via command line shells
  • Capture backdoor script usage in Group Policy Objects (GPOs) (an attempt to capture user credentials)
  • Detect creation and modification of scheduled tasks (often leveraged to introduce backdoor scripts to extract credentials)
  • Detect the usage of malicious scripting tools used to dump credentials from a server
  • Capture the exact commands executed by attackers to discover accounts with SPN (Service Principal Name) values
  • Discover malicious scripting tools used to extract the targeted service account tickets
  • Monitor your AWS instance for unauthorized IAM activity like logon failures, access key misuse and more
  • Detect permission changes on S3 buckets
  • Capture ransomware attack attempts by detecting changes on the objects in S3 buckets
  • Detect scripts used to extract the credentials of the Azure connector account (MSOL_nnnn)
  • Detect attempts to intercept the PTA agent and capture user passwords
  • AADInternals - A malicious PowerShell module used in PTA interception attacks
  • Detect attempts to decrypt the passwords of the MSOL_nnnn account
  • Detect file creations that record user passwords in a PTA interception attack
  • Detect permission changes on Azure Storage Accounts
  • Detect users and hosts accessing the S3 bucket
  • Detect users accessing the buckets
  • Track access keys created by Storage Accounts in Azure
  • Detect file modifications in buckets by tracking host IP addresses
  • Find recently modified AWS S3 buckets
