3 April 2019

Active Directory is a prime target in mostly all cyberattacks, and attackers often attempt to gain Domain Admin privileges and maintain their access. It is therefore crucial for security teams to monitor the changes occurring on Active Directory. ANSSI presented at the Amsterdam 2019 FIRST Technical Colloquium a forensic tool which aim is to create a timeline of Active Directory changes with replication metadata.

SPARTA – A Cybersecurity Competence Network to coordinate research, innovation and training within the European Union

26 February 2019

SPARTA is a new Cybersecurity Competence Network supported by Europe’s H2020 Program. It aims to coordinate and develop the implementation of high-level research and innovation in digital security, in order to strengthen the strategic autonomy of the European Union. The SPARTA consortium assembles, for the first time, 44 actors from more than 14 Member States, bringing together the expertise of different kind of stakeholders, be they research institutes, private organisations or national authorities, including ANSSI.

See all news


Configuration recommendations of a gnu/linux system

22 February 2019

GNU/Linux distributions are highly heterogeneou, the control of the system platform is a complex task; expertise becomes really necessary as the number of services and servers increases. However, some hardening measures can be implemented based on the expected security level, which will depend on the sensitivity of the data handled or hosted by the system […]

AmCache Analysis

21 January 2019

Frequently overlooked and understudied, this database is rarely fully exploited when doing incident response. Indeed, its correct interpretation is complex: a lot of special cases can occur that have to be taken into account when performing an analysis. However, the information collected by the AmCache is extremely useful and the lack of awareness about this […]

See all publications