The original post: /r/cybersecurity by /u/Seltus on 2024-07-04 14:02:50.

Hello everyone!

I am currently doing an internship as an IT tech in a government branch, which means I have a lot of downtime.

I have been trying to play around with read-only scripts to hone my skills better and see if there’s anything that needs to be cleaned up. Currently I can generate a query of users that have their accounts disabled after x time.

What are some other interesting scripts/queries I can generate that can improve security? I prefer the actions to be read-only for now so I can ask my team lead if it’s okay to actually make changes. I appreciate any help or tips given 😁

Note: I did try doing a basic security auditing script to see the last 100 changes to AD from the event log, but even with an admin account I don’t have privileges to access that. So be wary of that l