OS-specific Security Logs
(OBJ 4.9)
OS-specific Security log example (generic)
- Shows failed login attempts, repeated unsuccessful attempts to log in, and in some cases even what password was being attempted for that login.
Simple log
- Every two seconds the user was trying to log in to the system
- Event was a Login Attempt, and the user is trying to log in from 192.55.238.89.
- The status is failed for all of them
- The detail shows the login using a smartcard with a PIN, with each attempt trying to guess the correct PIN
  - Started with 123456, then 123457, 123458, and so on.
- Account was locked after the fifth attempt for trying to log in too many times
- We then generate an Admin Alert
- If you see this, it is a good indication of a Brute Force style attack.
- Another indicator would be seeing a bunch of randomized digits
Log 2
- Same case as the previous log, but now using common words as password attempts
- This is a dictionary-based password attack, because they are using common dictionary words like:
  - puppy
  - baseball
  - cupcake
  - etc.
- Even if you see variations like puppy1, baseball!, and things like that, that still indicates a dictionary-based password attack
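
The indicators from both logs above can be checked automatically. The following is an added example, not part of the original notes: the log line layout, the user names, the 60-second window and the 198.51.100.7 and 203.0.113.9 addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines: the field layout and user names are assumptions.
SAMPLE_LOG = """\
2025-07-25T17:25:50 event=LoginAttempt user=alice src=192.55.238.89 status=FAILED attempted=123456
2025-07-25T17:25:52 event=LoginAttempt user=alice src=192.55.238.89 status=FAILED attempted=123457
2025-07-25T17:25:54 event=LoginAttempt user=alice src=192.55.238.89 status=FAILED attempted=123458
2025-07-25T17:25:56 event=LoginAttempt user=alice src=192.55.238.89 status=FAILED attempted=123459
2025-07-25T17:25:58 event=LoginAttempt user=alice src=192.55.238.89 status=FAILED attempted=123460
2025-07-25T17:30:03 event=LoginAttempt user=bob src=198.51.100.7 status=FAILED attempted=puppy
2025-07-25T17:30:05 event=LoginAttempt user=bob src=198.51.100.7 status=FAILED attempted=baseball
2025-07-25T17:30:07 event=LoginAttempt user=bob src=198.51.100.7 status=FAILED attempted=cupcake
2025-07-25T17:30:09 event=LoginAttempt user=bob src=198.51.100.7 status=FAILED attempted=puppy1
2025-07-25T17:30:11 event=LoginAttempt user=bob src=198.51.100.7 status=FAILED attempted=baseball!
2025-07-25T17:31:00 event=LoginAttempt user=carol src=203.0.113.9 status=FAILED attempted=Tr0ub4dor
"""
LINE_RE = re.compile(r"(\S+) event=LoginAttempt user=(\S+) src=(\S+) status=(\S+) attempted=(\S+)")
COMMON_WORDS = {"puppy", "baseball", "cupcake"}  # words named in the notes

def classify(attempts):
    """Label a run of attempted secrets as brute force or dictionary-based."""
    if all(a.isdigit() for a in attempts):
        nums = [int(a) for a in attempts]
        steps = {b - a for a, b in zip(nums, nums[1:])}
        return "brute-force (sequential)" if steps == {1} else "brute-force (random digits)"
    # Strip trailing digits/punctuation so puppy1 and baseball! map to the base word.
    bases = [re.sub(r"[^a-z]+$", "", a.lower()) for a in attempts]
    return "dictionary" if sum(b in COMMON_WORDS for b in bases) * 2 >= len(bases) else "unclassified"

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {(user, src): label} where >= threshold failures fall inside window."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m[4] == "FAILED":
            failures[(m[2], m[3])].append((datetime.fromisoformat(m[1]), m[5]))
    alerts = {}
    for key, events in failures.items():
        events.sort()
        for i in range(len(events) - threshold + 1):
            run = events[i:i + threshold]
            if run[-1][0] - run[0][0] <= window:
                alerts[key] = classify([a for _, a in run])
                break
    return alerts
if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The single failure for carol stays below the threshold, so only the two rapid runs raise an alert.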