LoFP
/
T1558.004
T1558.004
Title
Tags
administrators or power users may use powerview for troubleshooting
t1558
T1558.004
endpoint
splunk
administrators or power users may use search for accounts with kerberos pre authentication disabled for legitimate purposes.
t1558
T1558.004
endpoint
splunk
although unlikely, administrators may need to set this flag for legitimate purposes.
t1558
T1558.004
endpoint
splunk
although unlikely, legitimate applications may use the same command line parameters as rubeus. filter as needed.
t1550
t1550.003
t1558
t1558.003
T1558.004
endpoint
splunk