How do I disable the AppLogs agent?
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy | by Will Schroeder | Posts By SpecterOps Team Members
Active Directory Domain Enumeration Part-1 With Powerview - NoRed0x
4798(S) A user's local group membership was enumerated. | Microsoft Learn
How to Check Computer Login History on Windows 10/11?
A Little Guide to SMB Enumeration - Hacking Articles
Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below
What is NetBIOS Enumeration? - GeeksforGeeks
Event ID 4688: What Is It & How to Enable It - Windows Report
Secure workstations by monitoring and alerting on membership changes in the local Administrators group, Part 2 - ManageEngine Blog
Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium
Threat Hunting Using Windows Security Log - Security Investigation
First Steps After Compromise: Enumerating Active Directory - risk3sixty
Get Local Group Members Revisited • The Lonely Administrator
Solved Event Properties - Event 4798, Microsoft Windows | Chegg.com
process - what service creates windows security auditing event 4798 in Win 10 - Super User
Incident Response: Windows Account Management Event (Part 1) - Hacking Articles
Using Windows Event Log IDs for Threat Hunting - FourCore
Get Local Group Members Revisited • The Lonely Administrator
Windows Event Log Analysis - Incident Response Guide
4732(S) A member was added to a security-enabled local group. | Microsoft Learn
I-SECURE CO., LTD. - 🔥 สูตรวิเคราะห์ Windows Event Log สำหรับ Threat Hunter และ Incident Responder 🔥 | Facebook
EventList – the Baseline Event Analyzer | miriamxyra
1104(S) The security log is now full. | Microsoft Learn
