Forced Authentication Detection Using Sysmon With A Hands-On Lab.

Forced authentication is a technique where threat actors can gather credentials by forcing a user to automatically provide authentication data and intercept responses. One approach to forced authentication is placing specially crafted files in network resources, like a Windows file share, that will force a Windows credential hash to a threat actor’s tool.