Pls I’m confused here with this question of detecting Kerberossting / AS-Reproasting
Modify and employ the provided Sysmon Event 22-based Splunk search on all ingested data (All time) to identify all share names whose location was spoofed by 10.10.0.221. Enter the missing share name from the following list as your answer. myshare, myfileshar3, _
I have trying a lot of modification but it’s keep showing no result
The closest I get listed the user N/A