Windows Event Logs - TryHackMe lab

Published by Nick on

This week I am working on the Windows Event Logs room by TryHackMe.

Per Wikipedia, “Event logs record events taking place in the execution of a system to provide an audit trail that can be used to understand the activity of the system and to diagnose problems. They are essential to understand the activities of complex systems, particularly in applications with little user interaction (such as server applications).”

The image above shows some capabilities of a SIEM (Security Information and Event Management system). A SIEM collects logs from many systems so they can be viewed and searched in one place. When attackers perform malicious actions on a system, they often clear the local logs to avoid detection. If the logs are forwarded to a SIEM as they are generated, the copies showing those actions still survive even after the local log is wiped. Centralising the logs also makes them much easier to review than inspecting each system individually.

In Windows, there are 5 types of events that can be logged:

  • Error
  • Warning
  • Information
  • Success Audit
  • Failure Audit
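As an added example (not from the TryHackMe room), the following PowerShell script maps these five event types onto Get-WinEvent filters and counts recent events of each kind, then checks for the standard Windows event that records the Security log being cleared. It assumes a Windows host with PowerShell 5.1 or later and an elevated prompt for reading the Security log; the level numbers, keyword enum values and event ID 1102 are standard Windows values, not something stated on the page.

```powershell
# Added example: count recent events per Windows event type and flag log clearing.
# Assumption: run elevated on Windows; the Security log is not readable otherwise.
param(
    [int]$SinceHours = 24,   # how far back to look
    [int]$MaxEvents  = 1000  # cap per query to keep runtime bounded
)

$since = (Get-Date).AddHours(-$SinceHours)
$kw    = [System.Diagnostics.Eventing.Reader.StandardEventKeywords]

# Error/Warning/Information are distinguished by Level (2, 3, 4).
# Success Audit / Failure Audit live in the Security log and are
# distinguished by keyword rather than level (their Level is 0).
$eventTypes = @(
    @{ Name = 'Error';         Filter = @{ LogName = 'System';   Level = 2; StartTime = $since } }
    @{ Name = 'Warning';       Filter = @{ LogName = 'System';   Level = 3; StartTime = $since } }
    @{ Name = 'Information';   Filter = @{ LogName = 'System';   Level = 4; StartTime = $since } }
    @{ Name = 'Success Audit'; Filter = @{ LogName = 'Security'; Keywords = [long]$kw::AuditSuccess; StartTime = $since } }
    @{ Name = 'Failure Audit'; Filter = @{ LogName = 'Security'; Keywords = [long]$kw::AuditFailure; StartTime = $since } }
)

foreach ($type in $eventTypes) {
    # Get-WinEvent raises a non-terminating error when nothing matches; treat that as zero.
    $events = Get-WinEvent -FilterHashtable $type.Filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Type      = $type.Name
        Count     = @($events).Count
        NewestUtc = if ($events) { $events[0].TimeCreated.ToUniversalTime() } else { $null }
    }
}

# Event ID 1102 ("The audit log was cleared") is written into the Security log
# itself when it is cleared. Locally it is easy to lose again, but a copy that
# was already forwarded to a SIEM survives, which is why forwarding matters.
$cleared = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102; StartTime = $since } `
    -ErrorAction SilentlyContinue
if ($cleared) {
    Write-Warning ("Security log cleared {0} time(s) since {1}" -f @($cleared).Count, $since)
    $cleared | Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}
```

Run it as `.\Count-EventTypes.ps1 -SinceHours 48` to widen the window; the same Level and Keywords filters can be reused in a scheduled task or a SIEM collection query.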
