Windows Active Directory Forensics
Details
June was the red team. July is the blue team. We built the AD lab in June — now we're going to attack it on Cover6 infrastructure and watch the alerts fire in real time. Same environment. Same attack chain. Different seat.
🎯 What We'll Cover
- Windows AD forensics — what an attacker leaves behind in the logs
- Event ID deep dive — the 10 IDs every SOC analyst needs to memorize
- BloodHound attack paths — reading the output as a defender
- Kerberoasting detection in Splunk
- Golden Ticket indicators — what makes it "impossible" and how to spot it
Want to follow along in the cloud? Spin up your own Kali droplet: https://m.do.co/c/84eb8a434ffd
🔗 Stay connected:
- Cover6 Solutions: https://www.cover6solutions.com
- YouTube (live streams + replays): https://www.youtube.com/@Cover6Solutions
- Courses and certification prep: https://cover6solutions.com/courses/
🎤 Submit a talk/demo: https://www.papercall.io/cover6community
Rep the community → Grab a Cover6 Shield tee and show up repping the community that helped get you here: https://www.cover6solutions.com/product/cover6-shield-unisex-t-shirt/
