{"id":206150,"date":"2018-07-07T00:53:00","date_gmt":"2018-07-06T22:53:00","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=206150"},"modified":"2018-06-30T12:56:50","modified_gmt":"2018-06-30T10:56:50","slug":"windows-event-id-4624-codes-erklrt","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2018\/07\/07\/windows-event-id-4624-codes-erklrt\/","title":{"rendered":"Windows Event ID 4624&ndash; Login-Codes erkl&auml;rt"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2013\/03\/winb.jpg\" width=\"58\" align=\"left\" height=\"58\"\/>Kleiner Tipp f\u00fcr Administratoren von Windows-Systemen, die forensische Analysen im Hinblick auf Anmeldevorg\u00e4nge betreiben. Windows Ereignisse mit der Event ID 4624 weisen einen numerischen Code auf, der Hinweise auf den Typ der Anmeldung (oder des Anmeldeversuchs) liefert. <\/p>\n<p><!--more--><\/p>\n<p>Microsoft Mitarbeiterin Jessica Payne arbeite im Sicherheitsteam f\u00fcr den Defender mit. Auf Twitter <a href=\"https:\/\/twitter.com\/jepayneMSFT\/status\/1012815189345857536\" target=\"_blank\">erkl\u00e4rt sie in kurzen Tweets<\/a> die Bedeutung diverser Codes. <\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"de\">\n<p lang=\"en\" dir=\"ltr\">Logon type 10: this is a typical RDP alert meaning that terminal services was engaged for the logon. 3rd party software like virtualization consoles and screen share can also generate it. Means credentials were in memory (lsass) and also hit cached credentials.<\/p>\n<p>\u2014 Jessica Payne (@jepayneMSFT) <a href=\"https:\/\/twitter.com\/jepayneMSFT\/status\/1012815470364319744?ref_src=twsrc%5Etfw\">29. Juni 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Einfach auf den Tweet klicken, dann sollte der gesamte Thread angezeigt werden. Vielleicht ist dies f\u00fcr euch n\u00fctzlich.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kleiner Tipp f\u00fcr Administratoren von Windows-Systemen, die forensische Analysen im Hinblick auf Anmeldevorg\u00e4nge betreiben. Windows Ereignisse mit der Event ID 4624 weisen einen numerischen Code auf, der Hinweise auf den Typ der Anmeldung (oder des Anmeldeversuchs) liefert.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,143,301],"tags":[4328,4351,4325],"class_list":["post-206150","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-tipps","category-windows","tag-sicherheit","tag-tipp","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/206150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=206150"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/206150\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=206150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=206150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=206150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}