Skip to main content

Detecting AD Initial Access

$ tldr TryHackMe · Walkthrough · Medium

Description

Detect AD initial access attacks by analyzing IIS, NPS, and Windows Security logs.
This room requires a TryHackMe subscription (VIP) to access the lab. The official page will tell you if your plan covers it.

Solve the room

Resources by skill

IIS (Microsoft Web Server)

Comments & tips

Solved this room a different way? Share it here — comments live in GitHub Discussions.
Last updated: 2026-05-09