![Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy | by Will Schroeder | Posts By SpecterOps Team Members Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy | by Will Schroeder | Posts By SpecterOps Team Members](https://miro.medium.com/v2/resize:fit:1024/0*Mky2IiXuhuATFWXw.png)
Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy | by Will Schroeder | Posts By SpecterOps Team Members
![Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below](https://pbs.twimg.com/media/EMKCtJQXsAEFN5W.png)
Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below
![Secure workstations by monitoring and alerting on membership changes in the local Administrators group, Part 2 - ManageEngine Blog Secure workstations by monitoring and alerting on membership changes in the local Administrators group, Part 2 - ManageEngine Blog](https://blogs.manageengine.com/wp-content/uploads/2018/10/monitoring-p2-figure-1.png)
Secure workstations by monitoring and alerting on membership changes in the local Administrators group, Part 2 - ManageEngine Blog
![Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium](https://miro.medium.com/v2/resize:fit:369/1*PwJb7coiw-ifSMxx2oJvHA.png)
Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium
I-SECURE CO., LTD. - 🔥 สูตรวิเคราะห์ Windows Event Log สำหรับ Threat Hunter และ Incident Responder 🔥 | Facebook
![BloodHound Inner Workings & Limitations – Part 1: User Rights Enumeration Through SAMR & GPOLocalGroup – Compass Security Blog BloodHound Inner Workings & Limitations – Part 1: User Rights Enumeration Through SAMR & GPOLocalGroup – Compass Security Blog](https://blog.compass-security.com/wp-content/uploads/2022/04/2022-03-12-16_51_19-Clone-of-Windows-10-Pro-x64-21H1-VMware-Workstation.png)