Skip to content

Fundmentals

General Notes

  • In LDAP, the lastlogon properties logs the last time the user logged in in that domain controller, while the lastlogontimestamp logs the last logon time across all DCs (it is replicated across DCs once every two weeks approx.)

Learning Resources

Introduction to Windows tokens for security practitioners How attackers abuse Access Token Manipulation (ATT&CK T1134)