7MS #525: First Impressions of InsightIDR - Part 2

Today we're sharing an updates to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks:

• Active Directory enumeration via SharpHound

• Password spraying through Rubeus

• Kerberoasting and ASREPRoasting via Rubeus

• Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.

• Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.

• Pass-the-hash attacks with CrackMapExec

In today's episode I share some emails and conversations we had with Rapid7 about these tests and their results. I'm also thrilled to share with you the articles themselves:

• Getting Started with Rapid7 InsightIDR: A SIEM Tutorial
• Testing & Evaluating SIEM Systems: A Review of Rapid7 InsightIDR