Attempting to correlate and visualize login sessions across a domain.
In theory, it should be possible to track the usage of a single Kerberos ticket across multiple services by way of EventIDs.
For now this is a work in progress but remains a subject of ongoing research and great fascination for me.
graham-cleven / win-uba
Session analysis tool based on Splunk, Windows event logs, Bro/Zeek, and Py/Flask