Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs

ManageEngine: Detecting Pass-the-Hash Attacks with Log360

Manage Engine
03/26/2026
1
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • Pass-the-Hash attacks exploit NTLM protocol to authenticate using stolen password hashes instead of plaintext passwords, enabling attackers to maintain persistent access until passwords are reset.
  • Log360 provides MITRE ATT&CK-aligned detection reports that identify successful authentications without passwords through log and Sysmon analysis, with visual frequency tracking and detailed event metadata.
  • The solution includes SOAR capabilities for automated incident response such as terminating malicious processes, disabling compromised accounts, and isolating affected devices when Pass-the-Hash activity is detected.

Summary

This demonstration explains how ManageEngine's Log360 SIEM solution detects Pass-the-Hash attacks, a credential theft technique where attackers exploit NTLM protocol vulnerabilities to authenticate using stolen password hashes rather than plaintext passwords. The video walks through the attack methodology—from initial compromise through hash extraction using tools like Mimikatz to lateral movement and privilege escalation—and demonstrates Log360's out-of-the-box detection capabilities. The solution provides MITRE ATT&CK-aligned reporting under the Defense Evasion tactic, offering visual analytics and detailed event logging including IP addresses, event IDs, logon types, and process names. Log360's SOAR capabilities enable automated response workflows such as process termination and device/user disabling when Pass-the-Hash activity is detected. The presentation concludes with preventive best practices including mandatory password resets, MFA implementation, least privilege access controls, and security policy auditing.

Chapters

0:00 - Introduction to Pass-the-Hash Detection
0:17 - Understanding Pass-the-Hash Attacks
1:34 - Attack Methodology and Progression
3:02 - Log360 Detection Capabilities
4:38 - Prevention Best Practices

Key Quotes

0:17 "Pass-the-Hash is an identity-based attack in which adversaries pose as legitimate users to gain unauthorized access to a network."
1:18 "These hashed values remain the same until the user resets the password. Therefore, until and unless a user resets the password, attackers enjoy unlimited access to the network and its resources, aiding lateral movement and privilege escalation."
3:44 "Using log analysis and Sysvon analysis, Log360 accurately spots successful authentications that happen without passwords."
4:22 "Log360 also comes with SOAR capabilities. This means that if you associate a response workflow with an alert profile, Log360 will be able to carry out certain automated actions such as terminating a process or service and disabling a device or user."
Categories:
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Threat Intelligence
  • Security Operations
  • Technical Deep Dive
  • Demo
  • Pass-the-Hash attacks
  • NTLM protocol exploitation
  • credential theft detection
  • SIEM threat detection
  • MITRE ATT&CK framework
  • lateral movement prevention
  • SOAR automation
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: ManageEngine: Detecting Pass-the-Hash Attacks with Log360

              Upcoming Webinar Calendar

              • 04/08/2026
                01:00 PM
                04/08/2026
                Managing Configuration at Scale Across Group Policy and Intune
                https://www.truthinit.com/index.php/channel/1865/managing-configuration-at-scale-across-group-policy-and-intune/
              • 04/15/2026
                01:00 PM
                04/15/2026
                Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities
                https://www.truthinit.com/index.php/channel/1866/service-account-security-in-the-age-of-ai-from-legacy-accounts-to-agentic-identities/
              • 04/30/2026
                10:00 AM
                04/30/2026
                Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection
                https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/

              Upcoming Events

              • Apr
                08

                Managing Configuration at Scale Across Group Policy and Intune

                04/08/202601:00 PM ET
                • Apr
                  15

                  Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities

                  04/15/202601:00 PM ET
                  • Apr
                    30

                    Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

                    04/30/202610:00 AM ET
                    More events
                    Truth in IT
                    • Sponsor
                    • About Us
                    • Terms of Service
                    • Privacy Policy
                    • Contact Us
                    • Preference Management
                    Desktop version
                    Standard version