Sponsor of the Day:
Jerkmate
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_setspn_spn_enumeration/
Potential SPN Enumeration Via Setspn.EXE | Detection.FYI
Detects service principal name (SPN) enumeration used for Kerberoasting
exe detection fyienumeration viapotentialspn
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_pua_adfind_enumeration/
PUA - Suspicious ActiveDirectory Enumeration Via AdFind.EXE | Detection.FYI
Detects active directory enumeration activity using known AdFind CLI flags
exe detection fyienumeration viapuasuspicious
https://detection.fyi/sigmahq/sigma/windows/builtin/ldap/win_ldap_recon/
Potential Active Directory Reconnaissance/Enumeration Via LDAP | Detection.FYI
Detects potential Active Directory enumeration via LDAP
active directoryenumeration viadetection fyipotentialreconnaissance