LAPS password retrieval activity can be logged via directory service advanced auditing, specifically event ID 4662, after configuring the appropriate…

May 2022

https://sra.io/blog/automated-detection-rule-analysis-with-dredd/
https://sra.io/blog/selective-kerberoast-prevention-using-dacls/

June 2019

imported from https://2xxe.com/posts/6/

April 2019

https://sra.io/blog/aws-iam-exploitation/

March 2019

https://sra.io/blog/updated-results-from-the-mitre-attck-edr-evaluation/

December 2018

https://sra.io/blog/a-closer-look-at-mitre-attck-evaluation-data/

September 2018

imported from https://2xxe.com/posts/2/
imported from https://2xxe.com/posts/1/