[MIS] 被攻擊AD登入鎖定或帳號不存在( 奇怪的帳號) NTLM

如標題

你可能會被奇怪得帳號或網域登入,關鍵字 FREEEDP..之類的....

https://ithelp.ithome.com.tw/articles/10191892

https://blog.darkthread.net/blog/check-auth-method-of-browser

https://evotec.xyz/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out/


https://blog.miniasp.com/post/2010/12/07/How-to-analysis-AD-Account-Lockout-problem


https://marcus116.blogspot.com/2019/06/net-log-parser-studio-log.html


https://www.chainnews.com/zh-hant/articles/437531178811.htm

 

延伸閱讀 ITHOME 文章

https://ithelp.ithome.com.tw/users/20114110/ironman/2536

登入錯誤的說明

https://docs.microsoft.com/zh-tw/windows/security/threat-protection/auditing/event-4776

masscan 宣稱它可以六分鐘掃完全球的網路

https://tinyurl.com/y9fe5kk5

MASSCAN: Mass IP port scanner

https://github.com/robertdavidgraham/masscan

 

 

 

以上文章僅用紀錄資料使用.....