• q9_545114
    Author
  • 5.2KB
    File size
  • zip
    File format
  • 2022-04-23 02:12
    Upload date
RD-AD-main.zip
  • RD-AD-main
  • README.md
    1.3KB
  • DR-AD-Boucle.ps1
    4.2KB
  • DR-AD.ps1
    4.2KB
Description
# RD-AD (Requests-Detect on AD)

This script helps to detect, track and prevent, in real time, malicious requests, attacks, or information-gathering requests against AD, to protect valuable information (admin accounts, passwords, GPOs ...) from tools like BloodHound, Mimikatz.... It makes it easy to read the events, convert GUIDs, and be notified with an action summary. Use the whitelist to exclude specific servers or accounts from detection. You can edit it to send mail, block or disable an account, .....

# About

requests-detect AD: helps to detect and monitor AD, to give more security.

The script can be used in two ways:

* First: attach it to an event in the task scheduler. This way is very fast, but needs some configuration.
* Second: run the script in a loop, every X seconds, to check and generate alerts. This way is slower than the first, but easy to configure.

# PREREQUISITE

* enable AD DS audit object
* optional: create a folder to extract schema details, one time only
* create a whitelist to exclude some accounts or machines

# How to use

* enable AD DS audit object: you can edit the Default Domain Controllers Policy or create a new GPO, and enable AD DS Success and Failure on "Computer Configuration\Windows Settings\Security Settings\Audit Policies\DS Access\Audit Directory Service Access"
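The loop mode, event reading, GUID conversion and whitelist described above, sketched as an added example (not RD-AD's own code). It assumes Event ID 4662 as the event written by the Directory Service Access audit; `$Whitelist`, `$GuidNames`, the function names and the sample event are hypothetical or constructed.

```powershell
# Added example, not RD-AD's own code. $Whitelist, $GuidNames and both function
# names are assumptions for illustration.
# Check the audit policy on a DC: auditpol /get /subcategory:"Directory Service Access"
$Whitelist = @('svc-backup', 'DC01$')       # constructed accounts excluded from alerts
$GuidNames = @{                             # schemaIDGUIDs of common AD classes
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer'
}

function ConvertFrom-DsAccessEvent {
    param([Parameter(Mandatory)][xml]$EventXml)
    # Flatten <EventData><Data Name="..."> into a hashtable.
    $d = @{}
    foreach ($n in $EventXml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($Whitelist -contains $d['SubjectUserName']) { return }   # whitelisted: no alert
    # ObjectType is logged as %{guid}; strip the wrapper and translate it.
    $guid = ($d['ObjectType'] -replace '[%{}]', '').ToLower()
    [pscustomobject]@{
        Account     = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        Object      = $d['ObjectName']
        ObjectClass = if ($GuidNames.ContainsKey($guid)) { $GuidNames[$guid] } else { $guid }
        AccessMask  = $d['AccessMask']      # 0x10 = Read Property
    }
}

function Watch-DsAccess {                   # loop mode: poll every X seconds
    param([int]$IntervalSeconds = 30)
    $since = Get-Date
    while ($true) {
        $now = Get-Date
        $filter = @{ LogName = 'Security'; Id = 4662; StartTime = $since; EndTime = $now }
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object { ConvertFrom-DsAccessEvent -EventXml $_.ToXml() }
        $since = $now
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Constructed 4662 event (not from a real log), so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
  <Data Name="SubjectUserName">jdoe</Data>
  <Data Name="SubjectDomainName">CORP</Data>
  <Data Name="ObjectType">%{bf967a9c-0de6-11d0-a285-00aa003049e2}</Data>
  <Data Name="ObjectName">%{11111111-2222-3333-4444-555555555555}</Data>
  <Data Name="AccessMask">0x10</Data>
</EventData></Event>
'@
ConvertFrom-DsAccessEvent -EventXml $sample   # Account CORP\jdoe, ObjectClass group
```

Directory Service Access events are only written for objects whose SACL audits the access, so an empty result can mean missing SACLs rather than no activity.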