This sample log is for the blog post on privilege escalation.
Entry # | Keywords | Source | Event ID | Task Category |
---|---|---|---|---|
1 | Audit Success | Microsoft Windows security auditing | 4624 | Logon |
2 | Audit Success | Microsoft Windows security auditing | 4672 | Special Logon |
3 | Audit Success | Microsoft Windows security auditing | 4624 | Logon |
4 | Audit Success | Microsoft Windows security auditing | 4624 | Logon |
5 | Audit Success | Microsoft Windows security auditing | 4648 | Logon |
6 | Audit Failure | Microsoft Windows security auditing | 4673 | Sensitive Privilege Use |
7 | Audit Success | Microsoft Windows security auditing | 4673 | Sensitive Privilege Use |