Real-world case studies – detecting advanced attacks with KQL
In this section, we will delve into the fascinating world of cyber defense by exploring three sophisticated AD attacks. Using KQL with Microsoft Defender for Identity (MDI) and Microsoft Defender for Endpoint (MDE), we will uncover the techniques used to detect these stealthy threats. Through these real-world case studies, you’ll gain a deep understanding of how to identify and mitigate these advanced attacks, enhancing your organization’s security posture. The attacks we’ll cover include the following:
- PtH attack: Exploiting hashed credentials to gain unauthorized access
- Kerberoasting: Targeting service accounts by requesting their encrypted service tickets and cracking them offline to retrieve plaintext passwords
- DCShadow attack: Registering rogue domain controllers to push malicious changes into Active Directory through replication
By the end of this section, you’ll not only learn how these attacks work but also how to craft and apply advanced KQL queries to detect and respond to these threats...
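As an added example of the kind of KQL hunting query the section builds toward (not a query from the original text), the following looks for Kerberoasting-style behaviour in Windows Security event 4769. It assumes those events are forwarded to a Log Analytics workspace as the `SecurityEvent` table (Microsoft Sentinel), rather than coming from an MDI- or MDE-specific table; the `lookback` and `threshold` values are constructed placeholders to tune for your environment.

```kql
// Added example, not from the original page: hunt for Kerberoasting-style
// service ticket requests in Windows Security event 4769 (SecurityEvent table).
// Assumes Windows Security events are collected into the workspace.
let lookback = 1d;                     // constructed window, tune as needed
let threshold = 10;                    // constructed: distinct SPNs per account per hour
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4769                        // A Kerberos service ticket was requested
| where Status == "0x0"                        // successful requests only
| where TicketEncryptionType == "0x17"         // RC4-HMAC, the downgrade typical of Kerberoasting
| where ServiceName !endswith "$"              // ignore machine accounts
| where ServiceName !~ "krbtgt"                // ignore TGT renewals
| where TargetUserName !endswith "$"           // requester is a user, not a computer
| summarize DistinctServices = dcount(ServiceName),
            Services = make_set(ServiceName, 50),
            Sources = make_set(IpAddress, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
        by TargetUserName, bin(TimeGenerated, 1h)
| where DistinctServices >= threshold          // one account asking for many SPNs in an hour
| order by DistinctServices desc
```

RC4 ticket requests are also generated by legacy applications, so treat a hit as a lead to correlate with the requesting host in MDE and the account's MDI activity rather than as a verdict on its own.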