Threat Intelligence Report

From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Will

📅 June 25, 2026 📰 www.huntress.com 🔍 0 CVE(s) referenced

Despite claims of invisibility, LDAP Ping enumeration tools like ldapnomnom are more detectable than advertised—Event 5156 and netlogon.log can reveal TCP-based probes, while true UDP cLDAP remains a blind spot for Windows event logs, requiring defenders to correlate multiple sources or rely on network-level monitoring for full visibility.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle