Fundmentals
General Notes
- In LDAP, the
lastlogon
properties logs the last time the user logged in in that domain controller, while the lastlogontimestamp logs the last logon time across all DCs (it is replicated across DCs once every two weeks approx.)
Learning Resources
Introduction to Windows tokens for security practitioners How attackers abuse Access Token Manipulation (ATT&CK T1134)