I can't get this last one: multiple commands looking at the logs, but none of the usernames work as the flag. I am not sure what I am doing wrong. Some of the commands I used to filter through the logs:
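You can filter even better when you save Get-WinEvent in a variable and then look at the properties directly:
# Collect all failed-logon events (ID 4625) from the Security log
$Events = Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625}
# Field values of the first event
$Events[0].Properties
# Field values of every event
$Events | ForEach-Object { $_.Properties }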
Still none of the usernames works as a flag…
I don't get it either.
I also struggled with this for a long time.
Check out this link.
There is a description of how to find a brute force attack.
As you do the assignment, keep in mind that there are logon failures for many different users. Some users may just have forgotten or mistyped their passwords. That is not a brute force attack. You need to find the user with the most logon failures.
Read the above link and it should guide you to the solution.
Read and follow the part under the below section.
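
Added example, not part of the thread or the linked guide: one way to act on the advice above is to tally failed logons (event ID 4625) per target account, so an account with far more failures than the rest stands out from ordinary mistyped passwords. The function name `Get-FailedLogonSummary` is hypothetical, and the sample events, user names and addresses are constructed.

```powershell
# Added example: summarise 4625 events per target account from their XML form.
function Get-FailedLogonSummary {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    begin { $rows = New-Object System.Collections.Generic.List[object] }
    process {
        $evt = ([xml]$EventXml).Event
        # Read fields by name rather than by position in Properties[]
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $rows.Add([pscustomobject]@{
            User   = $data['TargetUserName']
            Source = $data['IpAddress']
            Time   = [datetime]$evt.System.TimeCreated.SystemTime
        })
    }
    end {
        # Highest failure count first, with the time window and source addresses
        $rows | Group-Object User | Sort-Object Count -Descending | ForEach-Object {
            [pscustomobject]@{
                User     = $_.Name
                Failures = $_.Count
                First    = ($_.Group.Time | Sort-Object | Select-Object -First 1)
                Last     = ($_.Group.Time | Sort-Object | Select-Object -Last 1)
                Sources  = ($_.Group.Source | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Constructed sample events, trimmed to the fields used (all values are made up)
$template = '<Event><System><EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System>' +
            '<EventData><Data Name="TargetUserName">{1}</Data>' +
            '<Data Name="IpAddress">{2}</Data></EventData></Event>'
$sample  = 1..6 | ForEach-Object { $template -f ('2024-01-01T10:00:{0:d2}Z' -f $_), 'svc_backup', '192.0.2.50' }
$sample += $template -f '2024-01-01T09:12:00Z', 'alice', '192.0.2.10'
$sample += $template -f '2024-01-01T09:40:00Z', 'bob', '192.0.2.11'
$sample | Get-FailedLogonSummary | Format-Table -AutoSize

# Against a live Security log (elevated session):
# Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} |
#     ForEach-Object { $_.ToXml() } | Get-FailedLogonSummary
```

In the constructed sample, `svc_backup` shows six failures within seconds from one address, while `alice` and `bob` show one each, which is the pattern of a forgotten or mistyped password.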