AD security: ADTimeline (ANSSI) – FR

Article:

https://www.ssi.gouv.fr/publication/investigation-numerique-sur-lannuaire-active-directory-avec-les-metadonnees-de-replication-outil-adtimeline/

Download: 

https://github.com/ANSSI-FR/ADTimeline

 

Other references:

https://blogs.technet.microsoft.com/pie/2014/08/25/metadata-0-metadata-what-is-it-and-why-do-we-care

https://social.technet.microsoft.com/wiki/contents/articles/25946-metadata-de-replication-et-analyse-forensicactive-directory-fr-fr.aspx

https://adds-security.blogpost.com

https://harmj0y.net/blog/defense/hunting-with-active-directory-replication-metadata

 

 

Published by jdalbera

IT Pro: 25 years' experience for large companies - Technical manager and solution architect: Directory services and Identity Management, Azure AD, Office 365, Azure infrastructures, Microsoft AD Security (ADDS, ADFS, ADCS), PowerShell, Quest solutions architect. Operating systems (Win/Lin). Unix and Microsoft interoperability. Data center operations. Company integrations. Network architectures. Virtualization and storage infrastructures. HP/Dell server deployments. Certifications: MCSE, MCPs, MCITS, ITIL, VCP, CCNA, CyberArk
