LAPS password retrieval activity can be logged via directory service advanced auditing, specifically event ID 4662, after configuring the appropriate…
https://sra.io/blog/automated-detection-rule-analysis-with-dredd/
https://sra.io/blog/selective-kerberoast-prevention-using-dacls/
imported from https://2xxe.com/posts/6/
https://sra.io/blog/aws-iam-exploitation/
https://sra.io/blog/updated-results-from-the-mitre-attck-edr-evaluation/
https://sra.io/blog/a-closer-look-at-mitre-attck-evaluation-data/
imported from https://2xxe.com/posts/2/
imported from https://2xxe.com/posts/1/