Anomaly detection in certificate-based TGT requests

I identified several signs of attacks that use forged certificates inside the network and developed a proof-of-concept utility that finds the corresponding artifacts in Active Directory, along with a set of detection logic rules that can be added to a SIEM.

Detection evasion in CLR and tips on how to detect such attacks

In this article we demonstrate a detection evasion technique that uses the .NET Common Language Runtime (CLR) and may be useful in penetration testing, along with a couple of tips to help SOCs detect such attacks.