Networking
- Networking
Windows
Linux
Enterprise Architecture
Mac
- Forensics
  - Page 3
Attacker Information
IR Playbook
- Activity from Unmanaged Host
- Recommendations
Reverse Engineering
- Python - Pyinstaller

Powered by GitBook

On this page

Windows

Investigation

Scattered Identity

PreviousInsider Threats NextInternals

Last updated 3 months ago

Threat hunting Scattered:

Look for low prevalence logins with IPs.
Look for logins from multiple IPs.
Monitor adding users to high privilege groups.
Monitor password resets of privileged accounts.
Hunt for reading/access of incident email.

Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial IndustriesEclecticIQ