Windows 10 Analysing attacks made in Windows

Cmann

New Member
I am currently in the middle of testing a hack on a Windows 10 virtual machine via brute force attack. I successfully hacked into the Windows 10 (victim) machine via OpenSSH port which I opened myself
I have looked on Windows Event viewer and have noticed that it shows the attack attempts and when it has succeeded.
The event log shows information of the attack with the Event ID and it’s impersonation level.
Is there anywhere in Windows where I can see information about the attacking machine? The attacking machine I used was Kali Linux.
I’m wanting to know if I can pick up information of the attacking machine within Windows such as the name of the user attacking the machine, the type of machine or the host name? All I seem to receiving in the Event Logs is only the IP address of the attacker.
Thanks
 
The hostname would rely on DNS, so unless the attacker has added an entry to DNS you're resolving from then no. And no you wouldn't be able to ID the attacking OS since that type of info isn't transmitted. You could detect and then actively scan it with a tool like nmap
 
Back
Top