IT security under attack

Security incidents on highly secure IT infrastructures often make the headlines.

  • Times have changed; the complexity and the level of technical expertise involved in carrying out a full-scale cyberattack have narrowed drastically.
  • A single vulnerability or a configuration mishap is all it takes for a low-skilled threat actor to gain administrative access to your network.
  • Learn about the popular techniques employed by threat actors to intrude on organization networks, watch live simulations, and build a comprehensive defense strategy with ManageEngine.
  • Bookmark this page; we'll keep adding new attack simulations based on cybersecurity trends, and we'll notify you by email too!

Log360 is an integrated SIEM solution from ManageEngine that detects threats trying to penetrate your network and eliminates them at their earliest stages. With support extending to various IT environments like Active Directory (AD), Exchange Server, public cloud setups, and various network devices, Log360 covers all your bases by doing most of the work for you, including automating log management, auditing changes, and raising alerts for critical events in real time.

© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.


Password spray attack on Active Directory users

  • Attacking password hash synchronization in AD and Azure AD
  • Attacking Pass-Through Authentication in AD and Azure AD
  • Attacking leaky S3 buckets in Amazon Web Services (AWS)
  • Attacking unsecure storage accounts in Azure AD

  • Read into script details
  • Capture logon failures
  • Detect scripts executed by end users
  • Detect execution of tools that will lead to a pass-the-hash attack
  • Detect brute-force attacks on Microsoft 365
  • Capture details of malicious users, and see which network shares they accessed
  • Detect illegal file copies using the expand process
  • See the malicious service installation time
  • Detect malicious services
  • Capture malicious PowerShell modules and scripts
  • Find which users are trying to extract credentials from the Local Security Authority Subsystem Service (LSASS), and when, with timestamps
  • Filter events to detect LSASS dump attempts
  • Discover malicious scripts
  • Detect scripts executed by users
  • Detect logon failures
  • Detect scripts that search for privilege escalation opportunities
  • Detect scripts that install backdoor MSI apps
  • Discover the contents of the scripts executed by users
  • Discover login attempts to Exchange via command shells
  • Capture suspicious commands invoked in PowerShell
  • Capture permission changes on the domain
  • Detect execution of tools like Mimikatz
  • Determine the exact permission modified
  • Track service principal name (SPN) changes to computers, which can be an indication of rogue DCs
  • Monitor files and folders for unauthorized modifications
  • Detect computer startup and shutdown
  • Read into script details
  • Detect scripts executed by end users
  • Detect security changes
  • Correlate security changes to detect ransomware attacks
  • Determine the exact commands run by your users
  • Build customized alerts based on recon commands or scripts
  • Detect recon commands invoked and scripts executed on command line interfaces (like PowerShell)
  • Alert on recon attempts
  • Discover password attacks on Azure environments by monitoring logons
  • Detect the execution of malicious tools used to obtain the passwords of AD users via the Azure sync account
  • Detect attackers' attempts to obtain information on Azure tenants via command line shells
  • Capture backdoor script usage in Group Policy Objects (GPOs) (an attempt to capture user credentials)
  • Detect creation and modification of scheduled tasks (often leveraged to introduce backdoor scripts to extract credentials)
  • Detect the usage of malicious scripting tools used to dump credentials from a server
  • Capture the exact commands executed by attackers to discover accounts with service principal name (SPN) values
  • Discover malicious scripting tools used to extract the targeted service account tickets
  • Monitor your AWS instance for unauthorized IAM activity like logon failures, access key misuse, and more
  • Detect permission changes on S3 buckets
  • Capture ransomware attack attempts by detecting changes to the objects in S3 buckets
  • Detect scripts used to extract the credentials of the Azure connector account (MSOL_nnnn)
  • Detect attempts to intercept the PTA agent and capture user passwords
  • AADInternals: a malicious PowerShell module used in PTA interception attacks
  • Detect attempts to decrypt the passwords of the MSOL_nnnn account
  • Detect file creations that record user passwords in a PTA interception attack
  • Detect permission changes on Azure Storage Accounts
  • Detect users and hosts accessing the S3 bucket
  • Detect users accessing the buckets
  • Track access keys created by Storage Accounts in Azure
  • Detect file modifications in buckets by tracking host IP addresses
  • Find recently modified AWS S3 buckets
  • Monitor SSH, FTP, and switch user (su) logons
  • Track logon failures to detect break-in attempts
  • Monitor system events like 'Syslog stopped' which could be indications of an attack attempt
  • Monitor root command executions
  • Track modifications to your Linux users
  • Monitor several Linux servers with ease, across all Linux servers in your network
  • Monitor user logons across endpoints, AD Domain Controllers (DCs), and member servers
  • Track various modes of logon: remote, local, RADIUS logon, and more
  • Monitor changes across your SQL servers, web servers, and terminal servers too!
  • Monitor changes to your data stored across Windows file servers and other widely used servers such as NetApp, EMC, and more
  • Monitor script executions across your Windows servers
  • Monitor Windows events like process halts, service installations, registry key changes, and scheduled task creations
