IT security under attack

Identify, mitigate, and prevent security risks.

 
  • Network security
  • Application security
  • Cloud security
  • Endpoint security
  • Information & Data security
  • IAM security
  • Secretly copying files from a remote location
  • Installing a malicious backdoor service
  • Hybrid AD reconnaissance
  • Dumping credentials from local memory of servers (LSA)
  • Simulating domain controller behavior to get Active Directory user passwords
  • Registering a rogue domain controller to inject backdoor changes into Active Directory
  • Malicious Microsoft Office macro creation
  • AWS ransomware attack
  • AD to Azure AD attack
  • Storage attack in Azure and AWS
  • Detecting attacks in Linux environments
  • Detecting attacks in Windows environments
  • Bypass Windows Logons attack
  • Credential dumping attack
  • Kerberoasting attack
  • Compromising an Exchange server and extracting sensitive emails
  • Ransomware attacks on organizations
  • Password spray attack on Active Directory users
  • Attacking authentication in AD and Azure environments
  • Passing the password hash of admin to gain instant privilege
  • Brute forcing Active Directory administrator's password
  • Backdooring users into privileged groups in Active Directory
 
 
  • Attack flow
  • Technical attack
  • Solution

Password spray attack on Active Directory users

  • Attacking password hash synchronization in AD and Azure AD
  • Attacking Pass-Through Authentication in AD and Azure AD
  • Attacking leaky S3 buckets in Amazon Web Services (AWS)
  • Attacking unsecure storage accounts in Azure AD

  • Detect password spray script usage
  • Capture logon failures
  • Detect scripts executed by end users
  • Capture malicious tool usage to capture user credentials
  • Detect brute-force attacks on Microsoft 365
  • Detect illegal file copies using the expand process
  • Detect malicious services
  • Capture malicious PowerShell modules and scripts
  • Find which users are trying to extract credentials from the Local Security Authority Subsystem Service (LSASS), and when, with timestamps
  • Discover malicious scripts
  • Detect scripts executed by users
  • Detect logon failures
  • Detect scripts that install backdoor MSI apps
  • Detect MSI files that are allowed or not allowed to run
  • Detect scripts that search for privilege escalation opportunities
  • Identify members added to security groups
  • Discover the contents of the scripts executed by users
  • Discover login attempts to Exchange via command shells
  • Capture suspicious commands invoked in PowerShell
  • Capture permission changes on the domain
  • Detect execution of tools like Mimikatz
  • Determine the exact permission modified
  • Track service principal name (SPN) changes to computers, which can be an indication of rogue DCs
  • Monitor files and folders for unauthorized modifications
  • Monitor computer object attribute changes
  • Bypass Windows logons: detect computer startup and shutdown
  • Read into script details
  • Detect scripts executed by end users
  • Detect security changes
  • Correlate security changes to detect ransomware attacks
  • Use predefined correlation rules to detect ransomware attacks
  • Determine the exact commands run by your users
  • Build customized alerts based on recon commands or scripts
  • Detect recon commands invoked and scripts executed on command-line interfaces (like PowerShell)
  • Discover password attacks on Azure environments by monitoring logons
  • Detect attackers' attempts to obtain information on Azure tenants via command-line shells
  • Capture malicious tool usage to capture user credentials
  • Capture the exact commands executed by attackers to discover accounts with SPN (Service Principal Name) values
  • Discover malicious scripting tools used to extract the targeted service account tickets
  • Monitor your AWS instance for unauthorized IAM activity like logon failures, access key misuse and more
  • Detect permission changes on S3 buckets
  • Detect scripts used to extract the credentials of the Azure connector account (MSOL_nnnn)
  • Detect attempts to intercept the PTA agent and capture user passwords
  • AADInternals - A malicious PowerShell module used in PTA interception attacks
  • Detect attempts to decrypt the passwords of the MSOL_nnnn account
  • Detect file creations that record user passwords in a PTA interception attack
  • Detect permission changes on Azure Storage Accounts
  • Detect users and hosts accessing the S3 bucket
  • Detect file modifications in buckets by tracking host IP addresses
  • Find recently modified AWS S3 buckets
  • Monitor SSH, FTP, and switch user (SU) logons
  • Track logon failures to detect break-in attempts
  • Monitor system events like 'Syslog stopped', which could be indications of an attack attempt
  • Monitor root command executions
  • Track modifications on your Linux users
  • Monitor several Linux servers across your network with ease
  • Monitor user logons across endpoints, AD Domain Controllers (DCs) and member servers
  • Track various modes of logon: remote, local, RADIUS logon and more
  • Monitor changes across your SQL servers, web servers, and terminal servers too!
  • Monitor changes to your data stored across Windows file servers and other widely used servers such as NetApp, EMC and more
  • Monitor script executions across your Windows servers
  • Monitor Windows events like process halts, service installations, registry key changes, scheduled task creations

Hey there, IT warriors!

I’m Abi, a CISSP-certified security consultant at ManageEngine. I have been with ManageEngine for four years, and my team comes with a combined 15+ years of experience specializing in IT security. Let’s connect, share insights, and strengthen our networks together—because collaboration makes all the difference! Feel free to reach out at abi@manageengine.com—always happy to discuss security and exchange ideas!

Have a burning IT security question?  

We're here to assist with all your IT security challenges!


  Zoho Corporation Pvt. Ltd. All rights reserved