ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "DFSP # 399 - Lateral Movement Failed Logon Events"
Episode Synopsis
Finding and analyzing failed logons sometimes is just as important as finding suspicious, actual logon activity. Like anything, context is important. Old logon records offer an opportunity to identify not only suspicious activity, but perhaps attempted activity by an attacker. A standard move in the attack chain is to compromise an account and use it to move within the breached environment. However, it doesn't always work as planned for the attacker, and you may find failed activity a valid signal for identifying, malicious actions. This episode, I'm going to take a look at failed logon events from an investigation point of you.
More episodes of the podcast Digital Forensic Survival Podcast
DFSP # 499 Linux top 10
09/09/2025
DFSP # 498 Windows top 10
02/09/2025
DFSP # 497 ticket to ride
26/08/2025
DFSP # 496 Signed, Sealed, Exploited
19/08/2025
DFSP # 495 Corrupted from within
12/08/2025
DFSP # 494 the request is out there
05/08/2025
DFSP # 493 Stop, Share, and Listen
29/07/2025
DFSP # 492 A Bit of TCP
22/07/2025
DFSP # 490 Unveiling the USN Journal
08/07/2025
In God we trust