If you duplicate the attacker steps on the Cisco hack, you get a few interesting Windows event logs to be monitoring:

-New service installed
-New user created
-User added to admin group
-Event log cleared
-User deleted

Are you looking for those events in your logs?
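Added example, not part of the original post: a Python sketch that maps the five behaviours listed above to the standard Windows event IDs that record them (7045/4697, 4720, 4732, 1102/104, 4726) and flags accounts that were created, made local administrator and deleted within a time window. The event IDs are not named in the post; the dict field names (`account_sid`, `group_sid`), the host name and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

WATCHED = {  # (channel, event ID) -> behaviour from the post's list
    ("System", 7045): "service_installed",
    ("Security", 4697): "service_installed",
    ("Security", 4720): "user_created",
    ("Security", 4732): "added_to_local_group",
    ("Security", 1102): "log_cleared",
    ("System", 104): "log_cleared",
    ("Security", 4726): "user_deleted",
}
ADMINS_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

def classify(ev):
    return WATCHED.get((ev["channel"], ev["id"]))  # None if not on the watch list

def short_lived_admins(events, window=timedelta(hours=24)):
    """(host, account SID) pairs created, made local admin and deleted within window."""
    state, hits = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        kind, key = classify(ev), (ev["host"], ev.get("account_sid"))
        if kind == "user_created":
            state[key] = {"created": ev["time"], "admin": False}
        elif key not in state:
            continue
        elif kind == "added_to_local_group" and ev.get("group_sid") == ADMINS_SID:
            state[key]["admin"] = True
        elif kind == "user_deleted":
            st = state.pop(key)
            if st["admin"] and ev["time"] - st["created"] <= window:
                hits.append(key)
    return hits

def make_event(minute, channel, eid, **fields):
    return {"time": datetime(2024, 1, 1, 9, minute), "host": "WS01",
            "channel": channel, "id": eid, **fields}

# Constructed sample events, already normalised to dicts (not real log data)
SAMPLE = [
    make_event(0, "System", 7045, service="svc-example"),
    make_event(2, "Security", 4720, account_sid="S-1-5-21-1-2-3-1105"),
    make_event(3, "Security", 4732, account_sid="S-1-5-21-1-2-3-1105", group_sid=ADMINS_SID),
    make_event(5, "Security", 4624),  # logon, not on the watch list
    make_event(40, "Security", 1102),
    make_event(41, "Security", 4726, account_sid="S-1-5-21-1-2-3-1105"),
    make_event(50, "Security", 4720, account_sid="S-1-5-21-1-2-3-1106"),  # created only
]

if __name__ == "__main__":
    print(short_lived_admins(SAMPLE))
```

Events 4720, 4732, 4726 and 4697 are only written when the matching audit policy subcategories are enabled, and a cleared log removes local evidence, so the check is most useful over events already forwarded off the host.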

