Thursday, November 10, 2011

The hunt for EventIDs

What should you look for when you go into the Event Viewer in Windows?

Are there any events that are more important than others?

Of course, but it's not easy to know what you should be looking for. Go to this site and you will get a better overview of which EventIDs exist.

A short list of important security-related events

EventID - Event
  4782    - The password hash an account was accessed
  4720    - A user account was created
  4722    - A user account was enabled
  4740    - A user account was locked out
  4625    - An account failed to log on
  4649    - A replay attack was detected
  4728    - A member was added to a security-enabled global group
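
Instead of scrolling through Event Viewer, the IDs in the list above can be pulled from the Security log in one query. The script below is an added example, not part of the original post; the 24-hour look-back window, the failed-logon threshold and the helper name Get-EventField are assumptions chosen for illustration.

```powershell
# Added example: summarise the EventIDs listed above from the local Security log.
# Run from an elevated PowerShell prompt; reading the Security log requires it.

# EventIDs and descriptions exactly as listed in the post.
$watch = @{
    4782 = 'The password hash an account was accessed'
    4720 = 'A user account was created'
    4722 = 'A user account was enabled'
    4740 = 'A user account was locked out'
    4625 = 'An account failed to log on'
    4649 = 'A replay attack was detected'
    4728 = 'A member was added to a security-enabled global group'
}

$since     = (Get-Date).AddHours(-24)   # assumed look-back window
$threshold = 10                         # assumed: failed logons per account worth a look

# @() guarantees an array, so an empty result pipes nothing further down.
$found = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = [int[]]@($watch.Keys)
    StartTime = $since
} -ErrorAction SilentlyContinue)

# Hypothetical helper: read one named field from the event's XML payload.
# Returns $null when the event does not carry that field.
function Get-EventField {
    param($Record, [string]$Name)
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Overview: how often did each watched event occur?
$found | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
    [pscustomobject]@{
        EventID = [int]$_.Name
        Count   = $_.Count
        Event   = $watch[[int]$_.Name]
    }
} | Format-Table -AutoSize

# 4625 detail: accounts with many failed logons in the window.
$found | Where-Object Id -eq 4625 |
    Group-Object { Get-EventField $_ 'TargetUserName' } |
    Where-Object Count -ge $threshold |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'Account'; Expression = { $_.Name } }
```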

When was Windows started?

How long has the server or PC been running? Sometimes you need to figure out when the OS was started. As always there are different ways of get...