Investigating an Infected Windows Active Directory | TryHackMe Recovering Active Directory

Feb 25, 2024

We covered the incident response process and the steps taken to investigate and recover an infected Windows Active Directory system. We used PowerView and Event Viewer to investigate the actions taken by the attacker, such as users created or modified, group policy changes, and other event details such as date and time. This was part of the TryHackMe Recovering Active Directory room.

Full writeup and room questions can be found here.

Video walk-through
