Ссылки. Security

Пусть тут поживут. Постоянно приходится искать 🙂

– Определение LM\NTLM

https://secpfe.com/wordpress/en/2017/03/01/controlling-and-restricting-ntlm-usage-part-i/

https://secpfe.com/wordpress/en/2017/03/02/controlling-and-restricting-ntlm-usage-part-ii-audit-and-detection/

https://github.com/secpfe/NTLMHound/

 

– ATA и ATA Playbook

https://docs.microsoft.com/en-us/advanced-threat-analytics/what-is-ata

https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38

 

– Identifying Clear Text LDAP binds to your DC’s

https://blogs.technet.microsoft.com/russellt/2016/01/13/identifying-clear-text-ldap-binds-to-your-dcs/

 

– LAPS Audit Reporting via WEF PoSH and PowerBI

https://blogs.technet.microsoft.com/kfalde/2015/11/18/laps-audit-reporting-via-wef-posh-and-powerbi/

 

-LAPS and permission to join computer to domain

https://blogs.msdn.microsoft.com/laps/2015/07/17/laps-and-permission-to-join-computer-to-domain/

 

– Pass-the-Hash

https://technet.microsoft.com/en-us/security/dn785092

(Mitigating Pass-the-Hash and Other Credential Theft v1, Mitigating Pass-the-Hash and Other Credential Theft v2, How Pass-the-Hash works PDF)

 

– Administrative Tools and Logon Types

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ATLT_BM

 

– Privileged Access Workstations (PAW)

https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/privileged-access-workstations

 

– Privileged Access Workstation (PAW) Content

https://gallery.technet.microsoft.com/Privileged-Access-3d072563

 

Update 31.07.2017

Microsoft Advanced Threat Analytics Proof of Concept Playbook

https://gallery.technet.microsoft.com/Advanced-Threat-Analytics-591ca681

 

Update 21.08.2017

Troubleshooting ATA known issues

https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide

Update 26.08.2017

Understanding ATA Suspicious Activity Alerts

 https://blogs.technet.microsoft.com/enterprisemobility/2016/11/04/understanding-ata-suspicious-activity-alerts/