MENASEC - Applied Security Research: An overview of Windows EventID 4648 - Logon with explicit credentials
Detecting Lateral Movement 101 (Part-2): Hunting for malcode Execution via WMI using Windows Event Log Analysis | by imp hash | Medium
Windows ID 4648 "A logon was attempted using explicit credentials" - @port139 Blog
MENASEC - Applied Security Research: An overview of Windows EventID 4648 - Logon with explicit credentials
4776(S, F) The computer attempted to validate the credentials for an account. - Windows Security | Microsoft Learn
Windows ID 4648 "A logon was attempted using explicit credentials" - @port139 Blog
Mimikatz usage & detection – 0xf0x.com – Malware, Threat Hunting & Incident Response
4634(S) An account was logged off. - Windows Security | Microsoft Learn
4648(S) A logon was attempted using explicit credentials. - Windows Security | Microsoft Learn
MENASEC - Applied Security Research: An overview of Windows EventID 4648 - Logon with explicit credentials
Windows event ID 4648 - A logon was attempted using explicit credentials | Windows security encyclopedia
4648(S) A logon was attempted using explicit credentials. - Windows Security | Microsoft Learn
Windows Event ID 4648 - ArcSight User Discussions - ArcSight
windows - EVENTID 4648. Mismatch ,Subject (Standard User), CredentialsUsed (Admin), Target(Localhost) - Server Fault
MENASEC - Applied Security Research: An overview of Windows EventID 4648 - Logon with explicit credentials
![4648: A Logon was Attempted Using Explicit Credentials [Fix]](https://cdn.windowsreport.com/wp-content/uploads/2022/12/Untitled-design-22-1200x1200.png "4648: A Logon was Attempted Using Explicit Credentials [Fix]")
4648: A Logon was Attempted Using Explicit Credentials [Fix]
PsExec and NTUSER data - Digital Forensics & Incident Response
![4648: A Logon was Attempted Using Explicit Credentials [Fix]](https://cdn.windowsreport.com/wp-content/uploads/2022/12/Untitled-design-22.png "4648: A Logon was Attempted Using Explicit Credentials [Fix]")
4648: A Logon was Attempted Using Explicit Credentials [Fix]
Chapter 5 Logon/Logoff Events
Windows Security Log Event ID 4648 - A logon was attempted using explicit credentials
Threat Hunting Using Windows Security Log - Security Investigation
Fix Event ID 4648 A Logon Was Attempted Using Explicit Credentials - YouTube
AppInsight for Active Directory Alert is not really helpful ? - Forum - Server & Application Monitor (SAM) - THWACK
Windows ID 4648 "A logon was attempted using explicit credentials" - @port139 Blog
Windows RDP-Related Event Logs: The Client Side of the Story
Using the Convert-EventLogRecord function alongside the Get-WinEvent PowerShell cmdlet to search Windows event logs – 4sysops
Active Directory Lateral Movement Detection: Threat Research Release, November 2021 | Splunk
