Jake Smith
@jake.blue
OT Infrastructure Engineer | GICSP | E8 | VK4AYE | jake-smith.net
I'd probably jump on the host and start looking at which processes are listening on that port and go from there. Assuming I found something abnormal id isolate it (if possible) and do a site wide search for that process on other machines
January 25, 2025 at 1:49 PM
I'd probably jump on the host and start looking at which processes are listening on that port and go from there. Assuming I found something abnormal id isolate it (if possible) and do a site wide search for that process on other machines
I would probably check the logs on the AD machine to see if there have been any authentication activity for that account. Then perhaps check permissions etc and see what devices it has access too and dig further on each of those. What would be your recommendation @chrissanders88.bsky.social
December 24, 2024 at 1:09 AM
I would probably check the logs on the AD machine to see if there have been any authentication activity for that account. Then perhaps check permissions etc and see what devices it has access too and dig further on each of those. What would be your recommendation @chrissanders88.bsky.social