Skip to content

Cybersecurity Musings

Cybersecurity and everything else!

  • home
  • detection
  • lab
  • ir
topics
  • all
  • Detection 6
  • Network & Logging
  • Endpoint
  • Cloud
  • Incident Response 1
  • Identity & Hardening 2
  • Vuln Mgmt
  • Lab Notes 5
  • Office 365 1
  • logs 1

Category: Identity & Hardening

ADFS, GPO, SSH, and identity logging baselines.

Certipy, AD CS, and the Day Suricata Told Me “dce” Isn’t a Protocol

Jun 14, 2024 Detection, Identity & Hardening, Lab Notes

Yeah so AD CS abuse is one of those things that looks clean in a conference talk and messy the second you try to detect it on a …

Continue reading →

Investigating Active Directory Account Lockouts Like an Analyst

Nov 23, 2023 Detection, Identity & Hardening

Yeah so account lockouts. Most of them are boring. Phone still has the old password, Outlook on a laptop that never got the new one, some backup job …

Continue reading →

Browse

  • Detection 6
  • Network & Logging 0
  • Endpoint 0
  • Cloud 0
  • Incident Response 1
  • Identity & Hardening 2
  • Vuln Mgmt 0
  • Lab Notes 5
  • Office 365 1
  • logs 1

Series of writeups from labs, detections, and hardening notes.

echo "© 2026 Cybersecurity Musings — lab notes & detection writeups" ~/ · rss