Скачать или смотреть Evading detection: What red teamers need to know about SIEM logs | Learn with HTB

Using #PSExec to move laterally? That noisy tool could get you kicked out. Discover which Windows events and #SIEM rules effectively detect attackers, and learn how to remain stealthy.

In this episode of Learn with Hack The Box, ‪@PinkDraconian‬ will explain, step by step, how to use fly-under-the-radar techniques for Windows as a #redteamer. We will show you where logs reside, which Windows Event IDs defenders typically monitor (4624/4625, 4688, 7045, 5140, 4104, and Sysmon), why PsExec often triggers alarms, and lower-noise alternatives like WMI/DCOM and other quieter tooling.

🎁 Don't forget to comment below the hidden flag to claim a Silver Annual subscription for FREE! The winner will be randomly selected in a week.

What you’ll learn:
Where your activity shows up (Event Viewer → SIEMs like Splunk/Sentinel/QRadar)
The high-value Windows events every red teamer should know
Why PsExec is noisy and what quieter lateral movement looks like (WMI, DCOM)
Tools & techniques for lower footprint ops: PowerView, SharpSploit, Invoke-Phant0m
How to use logs against defenders — lab exercises and misdirection strategies

Want hands-on practice? Check out HTB Academy and our HTB CAPE (Certified Active Directory Pentesting Expert) certification: https://academy.hackthebox.com/previe...

Are you new to cybersecurity? Take the first step with the Certified Junior Cybersecurity Associate path and certification: https://academy.hackthebox.com/previe...

🔔 Subscribe for more offensive & defensive tradecraft: practical demos, lab walkthroughs, and certification tips.

Timestamps
0:00 Introduction
1:29 Why stealth matters
2:53 Where logs live
4:26 Understand what gets logged
8:51 Using logs against defenders


#HackTheBox #HTB #redteam #blueteam #eventlogs #sysmondetection #activeDirectory #pentesting