IT security under attack

Security incidents on highly secure IT infrastructures often make the headlines.

  • Times have changed; the complexities and the level of technical expertise involved in carrying out a full-scale cyberattack has narrowed drastically.
  • A single vulnerability or a configuration mishap is all it takes for a low-skilled threat actor to gain administrative access to your network.
  • Learn about the popular techniques employed by threat actors to intrude on organization networks, watch live simulations, and build a comprehensive defense strategy with ManageEngine.
  • Bookmark this page, we'll keep adding newer attack simulations based on cybersecurity trends. We'll notify you on email too!

Demo request received

Thank You for the interest in ManageEngine AD360. We have received your personalized demo request and will contact you shortly.

Sign up to view the videos!

Please enter business email address
  • By clicking 'Sign up to view the videos!', you agree to processing of personal data according to the Privacy Policy.

Log360 is an integrated SIEM solution from ManageEngine that detects threats trying to penetrate your network and eliminates them at their earliest stages. With support extending to various IT environments like Active Directory (AD), Exchange Server, public cloud setups, and various network devices, Log360 covers all your bases by doing most of the work for you, including automating log management, auditing changes, and raising alerts for critical events in real time.

© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.

Talk to us.


  • Attack flow
  • Technical attack
  • Solution

Password spray attack on Active Directory users

Password spray attack on Active Directory users

Password spray attack on Active Directory users

  • Read into script details
  • Capture logon failures
  • Detect scripts executed by end users
  • Detect execution of tools that will lead to pass the hash attack
  • Detect brute-force attacks on Microsoft 365
  • Capture details of malicious users, and see which network shares they accessed
  • Detect illegal file copies using the expand process
  • See the malicious service installation time
  • Detect malicious services
  • Capture malicious PowerShell modules and scripts
  • Find which users are trying to extract credentials from Local Security Authority Subsystem Service (LSASS) and when with timestamps.
  • Filter events to detect LSASS dump attempts
  • Discover malicious scripts
  • Detect scripts executed by users
  • Detect logon failures
  • Detect scripts that search for privilege escalation opportunities
  • Detect scripts that install backdoor MSI apps
  • Discover the contents of the scripts executed by users
  • Discover login attempts to Exchange via command shells
  • Capture suspicious commands invoked in PowerShell
  • Capture permission changes on the domain
  • Detect execution of tools like Mimikatz
  • Determine the exact permission modified
  • Track service principal name (SPN) changes to computers, which can be an indication of rogue DCs
  • Monitor files and folders for unauthorized modifications
  • Detect computer startup and shutdown
  • Read into script details
  • Detect scripts executed by end users
  • Detect Security Changes
  • Correlate security changes to detect ransomware attacks
  • Correlate security changes to detect ransomware attacks